Privacy Policy Threema Broadcast

06. November 2019

Threema GmbH (hereafter “Threema”) was founded on the premise of bulletproof data protection. It is our primary goal to store only the absolute minimum of information for the shortest possible time (“Privacy by Design”). In addition to using state-of-the-art encryption methods, we take all necessary technical and organizational measures to prevent unauthorized data access and misuse. The processing and protection of data is carried out in accordance with applicable legal regulations, particularly with the EU Regulation 2016/679 (GDPR).

This Privacy Policy refers to the processing of personal data in relation to the use of Threema Broadcast (hereinafter referred to as “Service”) on behalf of the customer (hereinafter referred to as “Client”).

By creating a Threema Broadcast admin account (hereinafter referred to as “Account”) and using the Service, you consent to the collection, processing and use of data as described below.

1. General Information

The Service enables the Client to communicate with users of the Threema and Threema Work apps and manage end users and administrators of the Service with a web interface and/or API.

2. Purpose of Data Processing

Threema processes personal data to

  1. enable the Client to create an Account,
  2. enable administrators to access the web interface and to place orders, and
  3. provide interactive, web-based communication tools to app users.

The data processed within the scope of order fulfillment will be processed exclusively by Threema on its own server infrastructure in Switzerland and will not be passed on to third parties.

Based on Art. 5 (1) GDPR, personal data is processed solely as a result of self-declaration and only to the extent required for the Use of the Service.

3. Scope and Duration of Data Processing

A. Inventory data

When creating an Account and when placing orders or making payments, the following inventory data is collected and stored:

  1. Required information
    1. Session cookie (identifies the current browser session so that the Client remains logged in during his or her website visit)
    2. Email address of administrators
    3. For credit card payments: name and address of the card holder
  2. Optional information
    1. First and/or last name of administrators
    2. Threema ID of administrators, if provided for two-factor authentication to log into the Account
    3. Name and postal address of the Client

B. Usage data

The provision of the Service requires that incoming and outgoing messages of a Broadcast ID be encrypted and decrypted on the server in order for the messages to be displayed in the Client’s web interface.

Depending on the use, messages are processed and/or stored within the scope of the Service according to the following list, whereas both messages and the private key of a Broadcast ID are stored individually for each Client in symmetrically encrypted form.

Solely processed, without being stored

  • Incoming messages from feeds and distribution lists
  • Incoming messages from group chats without activated option “Save message history”

Storage and processing

  • Threema IDs (and optionally first name, surname and/or preferred correspondence language) of distribution-list recipients and feed subscribers
  • Custom chatbot responses
  • Outgoing messages of feeds and distribution lists
  • Group chats with activated option “Save message history”: All incoming and outgoing messages of all group members of the selected Broadcast group chat as long as the option remains active (group chat members are automatically notified about the activation and deactivation of this option and can check its status anytime).

C. Time limits for erasure

  • Session cookie: 30 minutes
  • Except for the statutory retention period, inventory data is only stored until deleted by the customer.
  • Usage data without storage will be deleted immediately after processing.
  • Usage data with storage is stored until the Client deletes it or the Account is closed.

4. Data Processed by Third Parties

As a matter of principle, Threema does not pass on any data to third parties. The service is completely ad-free and does not employ analytics software to track user behavior. To prevent misuse by automatically registered profiles, Threema uses the «hCaptcha» service during the registration process. Its use is subject to the data protection declaration of hCaptcha. For more information about hCaptcha’s Privacy Policy, please visit https://www.hcaptcha.com/privacy.

5. Right to Information, Correction, Blocking, Deletion and Appeal

The Client has the right to receive information about his personal data stored by Threema at any time. Likewise, he has the right to correct, block, or delete his personal data, apart from the legally required data storage for business purposes.

The Client has access to this information and the appropriate tools for its management. Threema will take necessary measures according to Client's instructions if the Client cannot implement them with the tools provided.

The Client can change or revoke his consent with effect for the future with a message to Threema and exercise their right of appeal at the competent authority.

6. Responsible Body

If you have any questions about data protection at Threema or would like to exercise your rights, you can contact us directly. Send us an email to privacy@threema.ch.

Responsible body and direct contact for questions on data protection at Threema in terms of data privacy law:

Threema GmbH

Data Protection Officer

Churerstrasse 82

8808 Pfäffikon SZ

Switzerland

privacy@threema.ch



CHE-221.440.104

Representative in the EU according to Art. 27 (1) GDPR: GeKaCe GmbH, Dept. T, Weilerweg 13, 72411 Bodelshausen, Germany.

7. Changes to this Privacy Policy

Threema may amend this Privacy Policy from time to time to comply with changed legal requirements or to reflect changes in its business, e.g. the introduction of a new feature or extension of the product range. For your next visit of this website, the new Privacy Policy shall apply. Disclaimer

This is a mere translation of the German version of this document. In case of any discrepancies between the English and German text, the German version shall prevail.