Privacy Policy

June 14, 2018

Threema GmbH (hereafter “Threema”) was founded on the premise of bulletproof data protection. It is our primary goal to store only the absolute  minimum of information for the shortest possible time (“Privacy by Design”). In addition to using state-of-the-art encryption methods, we take all necessary technical and organizational measures to prevent unauthorized data access and misuse. The processing and protection of data is carried out in accordance with applicable legal regulations and EU Regulation 2016/679 (GDPR).

By using the “Threema Broadcast” website, you consent to the collection, processing and use of data as described below.

1. General Information

This Privacy Policy refers to the processing of personal data in connection with the use of Threema Broadcast (hereinafter “Service”) on behalf of the customer (hereinafter “Customer”). The Service enables the customer to communicate with users of the Threema and Threema Work apps, to provide them with interactive communication tools, and to control and manage the use and users of the Service. In order to use the Service, the Customer must create one or more accounts on the Service's website.

2. Purpose of Data Processing

Threema processes personal data to enable the Customer to access the web administration interface of the service and to process orders. The data processed within the scope of order fulfillment will be processed exclusively by Threema on its own server infrastructure in Switzerland and will not be passed on to third parties.

Threema does not process special categories of personal data as defined by Art. 9 (1) or Art. 10 GDPR. Based on Art. 5 (1) GDPR, personal data is processed solely as a result of self-declaration and only to the extent required for the Use of the Service.

3. Scope and Duration of Data Processing

A. Inventory data

When creating an account as well as during order and payment processing, the following inventory data is collected and stored:

  1. Mandatory information
    1. Session cookie (identifies the current browser session so that the customer remains logged in during his or her visit to the website)
    2. Email address
  2. Optional information
    1. A Threema ID if it is provided for two-factor authentication (“2FA”) as additional proof of identity for logging into the Threema Broadcast account. Alternatively, the 2FA can also be done via an OTP app.
    2. Invoice address: Name and address of the Customer (required for payment by credit card only)

Except for the legally required data storage for business transactions, inventory data is only stored until it is deleted by the Customer or the Customer deletes all accounts.

B. Usage data

In the context of the use of the service the following potentially personal data is processed and/or stored:

  1. Threema IDs of recipients added by the Customer and all subscribers of Customer's feeds
    1. Optional, if entered by the Customer: Recipient's first name, last name and language
  2. Only for groups administered on the Service: If the “Save message history” option is activated, the entire chat history since the option was activated is stored encrypted in the group on Threema's servers, including incoming messages from other group members added to the group by the Customer. Should this option be used, the Customer is obliged to comply with the relevant legal provisions and to inform it users of this fact.

Personal data arising from the use of the Service will only be stored until deleted by the Customer or until the Customer deletes all of his accounts. Deleted data will not be archived and cannot be restored.

4. Data Processed by Third Parties

As a matter of principle, Threema does not pass on any data to third parties. The service is completely ad-free and does not employ analytics software to track user behavior.

To prevent misuse by automatically registered accounts, Threema uses the “reCaptcha” service during the registration process. Its use is subject to the data protection declaration of the reCaptcha provider Google Inc. The IP address transmitted by the Customer’s browser while using reCaptcha is not merged with other Google data. For more information about Google’s Privacy Policy, please visit https://www.google.com/intl/de/policies/privacy.

5. Right to Information, Correction, Blocking, Deletion and Appeal

The Customer has the right to receive information about his personal data stored by Threema at any time. Likewise, he has the right to correct, block, or delete his personal data, apart from the legally required data storage for business purposes.

The Customer has access to this information and the appropriate tools for its management. Threema will take necessary measures according to Customer's instructions if the Customer cannot implement them with the tools provided. The Customer can change or revoke his consent with effect for the future with a message to Threema and exercise his right of appeal at the competent authority.

6. Responsible Body

If you have any questions about data protection at Threema or would like to exercise your rights, you can contact us directly. Send us an email to privacy@threema.ch.

Responsible body and direct contact for questions on data protection at Threema in terms of data privacy law:

Threema GmbH
Data Protection Officer
Churerstrasse 82
8808 Pfäffikon SZ
Switzerland
privacy@threema.ch

CHE-221.440.104

Representative in the EU according to Art. 27 (1) GDPR: GeKaCe GmbH, Dept. T, Weilerweg 13, 72411 Bodelshausen, Germany.

7. Changes to this Privacy Policy

Threema may amend this Privacy Policy from time to time to comply with changed legal requirements or to reflect changes in its business, e.g. the introduction of a new feature or extension of the product range. For your next visit of this website, the new Privacy Policy shall apply.

Disclaimer

This is a mere translation of the German version of this document. In case of any discrepancies between the English and the German text, the German version shall prevail.