Privacy Policy

1. General

The Threema Work management cockpit (hereinafter “Threema Work Cockpit”) is a web-based software-as-a-service application for “Business Customers” for the use of “Threema Work,” the business software of Threema GmbH (hereinafter “Threema”).

Aside from the Threema Work Cockpit, Threema Work includes additional applications, namely the “Threema Work App” for mobile devices of “Work Users” and the services “Threema Broadcast” and “Threema Gateway.”

The Threema Work App was developed to process and store as little metadata as possible on a central server. The identification of a Work User primarily takes place via an 8-digit alphanumeric ID (hereinafter “Threema ID”) and a public key, both of which are randomly generated by the Work User when setting up the Threema Work App.

Threema’s focus lies on data protection and privacy, which is why we provide Business Customers, Work Users, and other interested persons with the information for transparent processing of their personal data in this Privacy Policy.

A. Scope of Application

This Privacy Policy applies to all data processing activities that take place while using the Threema Work App in its latest version and are related to personal data, namely:

A. Setting Up the Threema Work App;
B. Address Book Synchronization;
C. Sending of Messages;
D. Sending of Messages to Broadcast IDs;
E. Voice and Video Calls;
F. Group Calls;
G. Synchronization of the App Configuration;
H. Synchronization of the Threema ID;
I. Company Directory;
J. Crash Reports.

In principle, this Privacy Policy does not apply to the web-based applications Threema Work Cockpit, Threema Broadcast, and Threema Gateway; the three aforementioned applications have their separate privacy policies regarding the processing of personal data. This Privacy Policy for the Threema Work App refers to the three aforementioned applications only if particular uses of the Threema Work App have an effect on personal data in these applications.

Threema as the data controller is a limited liability company under Swiss law with its registered office in Pfäffikon SZ (municipality of Freienbach), Switzerland, and business identification number (hereinafter “UID”) CHE-221.440.104.

When a Work User uses the Threema Work App, personal data is, unless stated otherwise in this Privacy Policy, processed and, if necessary, stored exclusively on Threema’s own servers in two data centers of an “ISO 27001”-certified colocation partner located in Zurich, Switzerland (hereinafter “Threema Servers”).

As a company with its registered office in Switzerland, Threema and the data processing it carries out are subject to Swiss data protection law (Federal Act on Data Protection of September 25, 2020, SR 235.1; hereinafter “FADP”). For data subjects residing in the territory of the EU or the EEA (marked with “for EU/EEA”), European data protection law (Regulation (EU) 2016/679 of April 27, 2016, General Data Protection Regulation; hereinafter “GDPR”) may additionally apply.

Personal data pursuant to Art. 5 lit. a FADP [for EU/EEA: Art. 4 No. 1 GDPR] is information that relates to an identified or identifiable natural person.

B. Controller

Threema GmbH
Churerstrasse 82
8808 Pfäffikon SZ
Switzerland

UID: CHE-221.440.104

C. Data Protection Officer

Threema GmbH
Data Protection Officer
Churerstrasse 82
8808 Pfäffikon SZ
Switzerland

Email: privacy at threema dot ch

D. Representative in the EU (Art. 27 GDPR)

ACC Datenschutz UG
Messestrasse 6
94036 Passau
Germany

E. Swiss Supervisory Authority

Federal Data Protection and Information Commissioner (FDPIC)
Feldweg 1
3003 Bern
Switzerland
Telephone: +41 58 462 43 95

Contact form of the FDPIC: Link

2. Processing Activities

Depending on how a Work User uses the Threema Work App, Threema processes different categories of personal data about the Work User for different purposes, based on different legal bases and with different storage periods, if any personal data is stored at all.

A. Setting Up the Threema Work App

Processing

In addition to the Threema ID and the key pair (public and private key), various other data points are generated and linked to the Threema ID on the Threema Servers when the Threema Work App is set up on the Work User’s mobile device.

Unlike the “Threema App” for consumers, the use of the Threema Work App requires access authorization granted by administrators of a Business Customer in the Threema Work Cockpit. Each access authorization request to the Threema Work App requires a valid license as part of an active subscription and is granted by using a username and a password.

Categories of Processed Personal Data

When setting up the Threema Work App, the following personal data set in the Threema Work Cockpit by administrators is processed:

When setting up the Threema Work App, the following personal data is generated and stored as inventory data on the Threema Servers:

Note: On mobile devices without Google Play services, no Google push tokens are generated.

The following personal data, which is optional for the use of the Threema Work App, may be provided voluntarily by the Work User and is stored only in the form of one-way encrypted hash values as inventory data on the Threema Servers:

All personal data, including the one-way encrypted hash values, is protected on its way to the Threema Servers by transport encryption in order to make it impossible for third parties to intercept the data.

Note: Before a Work User’s telephone number and/or email address is linked to their Threema ID, this personal data must be verified in an automated process as being that of the Work User.

Email address verification: To verify a Work User’s email address, it is transmitted to the Threema Servers after having been entered in the Threema Work App, and processed in plain text in order to send the Work User an email with a confirmation link.

Telephone number verification: To verify a Work User’s telephone number, it is transmitted to the Threema Servers after having been entered in the Threema Work App, and processed in plain text. The Work User will then receive a confirmation code by SMS.

For the delivery of the confirmation codes to the User to verify the telephone number, Threema relies on the services “eCall” of F24 Schweiz AG, Samstagernstrasse 45, 8832 Wollerau, Switzerland (hereinafter “F24”) and “IMASYS” of Swissphone Wireless AG, Fälmisstrasse 21, 8833 Samstagern, Switzerland (hereinafter “Swissphone”). Both F24 and Swissphone are “ISO 27001”-certified and host their services “eCall” and “IMASYS” in Switzerland. Work Users can find more information on data protection at F24 and Swissphone on the websites of F24 (Link) and Swissphone (Link) respectively.

Note for Work Users outside of Switzerland and EU/EEA: To deliver the confirmation codes by SMS to Work Users outside of Switzerland and EU/EEA, Threema relies on the services of Twilio Inc., 101 Spear Street, 5th Floor, San Francisco, California, 94105, USA (hereinafter “Twilio”). Work Users can find more information on data protection at Twilio on the website of Twilio: Link

Note for administrators of the Threema Work Cockpit: Via the “App Configuration” in the Threema Work Cockpit, administrators may deactivate the verification function for telephone numbers and email addresses of Work Users. By deactivating this function, telephone numbers and email addresses of Work Users will not be disclosed to sub-processors of Threema.

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

Legal Basis

The processing and storage of personal data for setting up the Threema Work App is based on the overriding private interest (use of the Threema Work App by the Work User; contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

The processing of the Work User’s personal data for setting up the Threema Work App is necessary to enable the Work User to use the Threema Work App as contractually agreed.

Storage Period

The push token stored when setting up the Threema Work App is stored on the Threema Servers for a maximum of 1 year, calculated from the date of the last connection of a Threema ID to the Threema Servers, and then automatically deleted. The Work User may delete the stored push token at any time (see Section 6).

The one-way encrypted hash values of the telephone number and/or email address of the Work User are stored on the Threema Servers indefinitely so that Work Users who reactivate their Threema ID with a backup do not have to relink this data. The Work User may delete this data at any time (see Section 6).

The telephone number and/or email address of the Work User processed for verification is stored on the Threema Servers for a maximum of 1 month as a one-way encrypted hash value, provided the Work User does not complete the verification process. In the event of successful verification, the telephone number and/or email address are linked as one-way encrypted hash values to the Threema ID of the Work User.

B. Address Book Synchronization

Processing

In order to facilitate finding other Users of the Threema App and the Threema Work App, a Work User may voluntarily enter their telephone number and/or email address in the Threema Work App and link it to their Threema ID (see Section 2.A.).

If Work Users voluntarily activate the optional contact synchronization in the Threema Work App, one-way encrypted hash values of telephone numbers and/or email addresses in the contact list of their mobile device are transmitted to the Threema Servers manually (by pulling down the screen) or automatically approximately every 24 hours to search for identical hash values of telephone numbers and email addresses that other Users and/or Work Users have linked to their Threema IDs. If identical hash values are found that other Users and/or Work Users have linked with their Threema ID, these Users and/or Work Users will appear in the Threema Work App contact list stored on the mobile device. In this way, the locally stored contact list of the Threema Work App automatically stays up to date.

Note for administrators of the Threema Work Cockpit: Via the App Configuration in the Threema Work Cockpit, administrators may deactivate the address book synchronization function for Work Users. To manage the contact list of Work Users, administrators may use the “Company Directory” function of the Threema Work Cockpit (see Section 2.I.).

Categories of Processed Personal Data

For address book synchronization, the following personal data is processed on the Threema Servers only as one-way encrypted hash values:

In addition, the one-way encrypted hash values are protected on their way to the Threema Servers by transport encryption in order to make it impossible for third parties to intercept the hash values.

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

Legal Basis

The processing of the telephone number and/or email addresses of a Work User and of persons in the contact list on the Work User’s mobile device (only in the form of one-way encrypted hash values) for address book synchronization in a Work User’s contact list in the Threema Work App is based on the overriding private interest (use of the Threema Work App by the Work User; contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

The processing of telephone numbers and/or email addresses of persons in the contact list on a Work User’s mobile device is necessary to enable the Work User to use the Threema Work App as contractually agreed.

Storage Period

The storage period of the telephone number and/or email address provided by the Work User is identical to the storage period for inventory data processed for setting up the Threema Work App (see Section 2.A.).

The one-way encrypted hash values of the telephone numbers and/or the email addresses of persons in the contact list on a Work User’s mobile device are immediately deleted from the Threema Servers after an address book synchronization has been performed. They are never permanently stored on the Threema Servers, unlike the telephone number and/or email address linked with a Work User’s Threema ID.

C. Sending of Messages

Processing

The Threema Work App encrypts all message content (text messages, media files, and system messages) and voluntarily and optionally set nicknames and profile pictures of Work Users by means of a secure end-to-end encryption process.

Note for administrators of the Threema Work Cockpit: Via the App Configuration in the Threema Work Cockpit, administrators may deactivate communication between Work Users from within the organization of the Business Customer and other Users and Work Users outside the organization of the Business Customer. Also, administrators may deactivate the function for setting a nickname for Work Users via the App Configuration in the Threema Work Cockpit.

Since the private key to decrypt a message is stored exclusively on the recipient’s mobile device, Threema doesn’t have access to message contents of Work Users.

Interested Work Users can find more information about the encryption in the Threema Work App in Threema’s Cryptography Whitepaper on the Threema website: Link

D. Sending of Messages to Broadcast IDs

Processing

With Threema Broadcast, special Threema IDs can be created. They are marked with an asterisk (“*”) at the beginning of the 8-digit ID (hereinafter “Broadcast ID”).

Broadcast IDs are principally used for one-way one-to-many communication, i.e., sending the same message to several Work Users, whereas between Work Users, two-way one-to-one communication takes place. Nevertheless, Work Users are still able to send messages to Broadcast IDs.

Note: Like a regular Threema ID, a Broadcast ID can receive messages from Work Users. As the endpoint of the end-to-end encryption, such messages will be decrypted by the private key of the Broadcast ID on the Threema Servers, but they are never permanently stored (with one exception).

“Save Chat History” function: With Broadcast IDs, groups can be created, and Work Users of the Threema Work App can be invited to such groups. In such groups, the administrators of a Business Customer behind the Broadcast ID have the option to activate the “Save Chat History” function.

Groups of a Broadcast ID, in which the “Save Chat History” function has been activated, can be recognized by the cloud emoji (☁️), which is technically mandatory and prefixed to the name of the group of the Broadcast ID. Work Users who were members of such a group before activation (or deactivation) of the function automatically receive a warning in the form of a system message.

If this function is activated, all encrypted message content sent into the group of a Broadcast ID by Work Users is not only decrypted on the Threema Servers upon receipt by the Broadcast ID but also stored.

Note: The controller responsible for the processing of decrypted message contents in connection with the use of the “Save Chat History” function of a Broadcast ID is the respective Business Customer of Threema, whose administrators decide on the activation and thus the purposes and means of this data processing. Threema processes this personal data on behalf of its Business Customer, i.e., as a processor.

Categories of Processed Personal Data

Upon receipt of a message by a Broadcast ID, the following personal data is processed and, if the “Save Chat History” function is activated, stored on the Threema Servers:

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

Legal Basis

The processing of decrypted message contents of Work Users and their storage in a group of a Broadcast ID, in which the “Save Chat History” function has been activated, is based on the overriding private interest (contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

This data processing is necessary to enable Business Customers to use Threema Broadcast as contractually agreed.

Storage Period

The decrypted message content is stored on the Threema Servers for the following durations, calculated from receipt by the Broadcast ID, and then automatically deleted:

E. Voice and Video Calls

Processing

In addition to exchanging text messages and media files, Work Users can also communicate with each other independently of the public telephone network via internet-based voice and video calls.

An encrypted system message (see Section 2.C.) is sent when starting voice and video calls to establish the call with the correct Work User and to inform them of the incoming call. The callee answers with a corresponding encrypted system message, which informs the calling Work User whether the callee accepts or declines the call.

If the callee accepts the call, the IP addresses of the two Work Users are transmitted to and processed on the Threema Servers. In principle, this processing ends with the establishment of a direct peer-to-peer connection between the Work Users without further processing of the IP addresses on the Threema Servers. Further transmission of the voice or video call is only carried out via the Threema Servers in the following cases:

Like for sending messages (see Section 2.C.), the Threema Work App encrypts all voice and video call contents using a secure end-to-end encryption process. Threema doesn’t have access to the Work Users’ call contents.

Categories of Processed Personal Data

To establish voice and video calls between Work Users, and to transmit them via the Threema Servers if no peer-to-peer connection can be established, the following personal data is processed on the Threema Servers:

The IP addresses of the call participants are only processed after the callee has accepted the voice or video call.

Work Users can deactivate voice and video calls in the Threema Work App.

Note for administrators of the Threema Work Cockpit: Via the App Configuration in the Threema Work Cockpit, administrators may deactivate communication between Work Users from within the organization of the Business Customer and other Users and Work Users outside the organization of the Business Customer.

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

Legal Basis

The processing of IP addresses for the establishment and potential transmission of voice and video calls is based on the overriding private interest (use of the Threema Work App by the Work User; contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

This processing of IP addresses for the establishment and potential transmission of voice and video calls is necessary to enable the Work User to use the Threema Work App as contractually agreed.

Storage Period

The IP addresses of the Work Users are immediately deleted from the Threema Servers after either the peer-to-peer connection between the call participants has been successfully established or, if the call is transmitted via the Threema Servers, after the voice or video call has been terminated. IP addresses are never permanently stored on the Threema Servers for voice and video calls.

F. Group Calls

Processing

In addition to individual voice and video calls between two Work Users, the Threema Work App also offers “Group Calls” with more than two Work Users at the same time.

As a member of a group, a Work User can start a Group Call with the other members of the group. Like individual calls, a Group Call allows for both voice and video transmission.

Group Calls are only transmitted via special servers, so-called “Selective Forwarding Units” (hereinafter “SFU”). To start a Group Call, a Work User must first establish a connection to the SFU, for which their IP address is processed. As soon as the connection to the SFU has been successfully established, a system message notifies the other members of a group that a Group Call has been started, and they can join it. Like for the establishment of individual voice and video calls, encrypted system messages (see Section 2.C.) are sent by the Threema Work App to enable the correct Work Users to join the Group Call and to inform them that the Group Call has been started.

After first informing the other members of the group with a system message, the Threema Work Apps of all members of a group, including of the one who started the Group Call, will continually request the status of the Group Call on the SFU until the Group Call is terminated. As long as the Group Call is active, the IP addresses of all members of the group, including of those who do not join the Group Call, are processed recurringly in order to request the status of the Group Call on the SFU, and permanently processed to maintain the connection to the SFU during participation in the Group Call.

Categories of Processed Personal Data

To establish and transmit a Group Call, the following personal data is processed on the SFU:

Unlike individual voice and video calls, the IP addresses of Work Users who are members of a group in the Threema Work App in which a Work User has started a Group Call, are processed on the SFU as soon as the system message is delivered that a Group Call had been started.

Note: This processing of IP addresses also takes place if a Work User has deactivated Group Calls in the Threema App.

For Group Calls, the Threema Servers are used as well as SFU operated by Leaseweb Netherlands B.V., Hessenbergweg 95, 1101 CX Amsterdam, the Netherlands (hereinafter “Leaseweb”). The SFU are located in an “ISO 27001”-certified data center of Leaseweb in Amsterdam, the Netherlands. Work Users can find more information on data protection at Leaseweb on the website of Leaseweb: Link

The Netherlands is a member of the European Union and falls within the scope of application of the GDPR, and is included in the list of states under Annex 1 to the Ordinance on Data Protection of August 31, 2022 (“DPO”; SR 235.11); therefore, its legislation does ensure adequate data protection; Art. 16 Sec. 1 FADP in connection with Art. 8 Sec. 1 DPO.

Like for individual voice and video calls (see Section 2.E.), the Threema Work App encrypts all Group Call contents with a secure end-to-end encryption process. Neither Threema nor Leaseweb have access to the Work Users’ call content.

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

- Use of the Threema Work App’s functions by the Work User (contract performance).

The use of Leaseweb’s SFU for Group Calls serves the purpose of ensuring the lowest possible latency and smooth communication for Work Users when using Group Calls.

Legal Basis

The processing of IP addresses for the establishment and potential transmission of Group Calls is based on the overriding private interest (use of the Threema Work App by the Work User; contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

The processing of IP addresses for the establishment and potential transmission of Group Calls is necessary to enable the Work User to use the Threema Work App as contractually agreed.

Storage Period

The IP addresses of Work Users that are processed on the SFU for the establishment and transmission of Group Calls are immediately deleted from the SFU after the Group Call has ended, irrespective of whether the SFU are those of Threema or Leaseweb. IP addresses are never permanently stored for Group Calls.

G. Synchronization of the App Configuration

Processing

In the Threema Work Cockpit, administrators have the option to configure the Threema Work App by setting configuration settings globally (per subscription) or per access authorization request of a Work User (per license). These are used to configure the Threema Work App of all or only individual Work Users within a subscription, in order to control functions of the Threema Work App or to identify Work Users more easily within the Business Customer’s organization.

In order to synchronize the App Configuration with the data in the Threema Work App on Work Users’ mobile devices, configuration settings defined by administrators are automatically downloaded by the Threema Work App to the mobile device of the Work User and synchronized every 24 hours. Configuration settings are linked to the Threema ID of a Work User.

Note: The use of the App Configuration is completely optional; the Business Customer or their administrators decide what data is processed and stored in the context of using the App Configuration. Threema processes this personal data on behalf of its Business Customer, i.e., as a processor.

Categories of Processed Personal Data

When using the App Configuration, the following personal data is processed and stored on the Threema Servers and synchronized with the Threema Work App of Work Users:

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

Legal Basis

The processing of personal data of Work Users in the context of the use of the App Configuration by administrators is based on the overriding private interest (contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

The processing of personal data is necessary to enable Business Customers to use Threema Work as contractually agreed.

Storage Period

Configuration settings for a Work User defined by administrators are stored on the Threema Servers until revocation, i.e., until change or deletion of individual or all configuration settings for a Work User in the Threema Work Cockpit, and then immediately deleted.

If the subscription of a Business Customer, with which configuration settings for a Work User have been defined, becomes inactive, the configuration settings for the Work User will not be deleted, but only deactivated (the data subject will no longer be able to use the Threema Work App). After 1 year of inactivity of the corresponding subscription, the configuration settings for Work Users will be automatically deleted. If the Business Customer reactivates the corresponding subscription by purchasing new licenses, deactivated credentials of Work Users including the stored configuration settings may be reactivated by administrators.

H. Synchronization of the Threema ID

Processing

When the Work User uses the Threema Work App, their Threema ID is uploaded to the Threema Servers every 24 hours, linked to the corresponding Work User’s access authorization in the Threema Work Cockpit, and stored. This allows administrators to create a “User List” of Work Users within the Business Customer’s organization in the Threema Work Cockpit. Threema processes this personal data on behalf of its Business Customer, i.e., as a processor.

Categories of Processed Personal Data

For synchronization of the Threema ID of Work Users, the following personal data is processed and stored on the Threema Servers:

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

Legal Basis

The processing of the Threema ID of Work Users is based on the overriding private interest (contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

The processing of personal data is necessary to enable Business Customers to use Threema Work as contractually agreed.

Storage Period

Threema IDs of Work Users are stored on the Threema Servers until revocation, i.e., until deletion of a Work User’s access authorization in the Threema Work Cockpit by an administrator, and then immediately deleted.

If the subscription of a Business Customer, within which Threema IDs of Work Users have been stored, becomes inactive, the Threema ID of a Work User will not be deleted, but only deactivated (the data subject will no longer be able to use the Threema Work App). After 1 year of inactivity of the corresponding subscription, all personal data linked to the Threema ID of a Work User will be automatically deleted. If the Business Customer reactivates the corresponding subscription by purchasing new licenses, deactivated access authorizations of Work Users may be reactivated together with the stored Threema IDs.

If a Work User changes their mobile device without having backed up their Threema ID first, they have to generate a new random Threema ID when setting up the Threema Work App on their new mobile device. When synchronizing their new Threema ID with the Threema Work Cockpit, their old Threema ID is not deleted but only deactivated, and it remains stored on the Threema Servers until deleted by an administrator.

I. Company Directory

Processing

In the Threema Work Cockpit, administrators have the option to create a Company Directory with the Work Users from the Business Customer’s organization.

An entry in the Company Directory consists of a Threema ID and the corresponding configuration settings (see Section 2.G.). Threema IDs can be added to the Company Directory by administrators either manually or automatically from the User List (see Section 2.H.).

Provided that Work Users have a connection to the Threema Servers, they may access this Company Directory and save individual contacts from it locally in the Threema Work App.

Note: Creating a Company Directory in the Threema Work Cockpit is completely optional; the Business Customer or their administrators decide what data is processed in the context of using the Company Directory. Threema processes this personal data on behalf of its Business Customer, i.e., as a processor.

Categories of Processed Personal Data

In the context of using the Company Directory, the following personal data is processed on the Threema Servers and may be locally stored in the Threema Work App by Work Users:

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

Legal Basis

The processing of personal data of Work Users in the context of the creation of a Company Directory by administrators and its use is based on the overriding private interest (contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

The processing of personal data is necessary to enable Business Customers to use Threema Work as contractually agreed.

Storage Period

The processing of personal data in the context of the creation and use of the Company Directory is carried out until revocation, i.e., until change or deletion of personal data in the Company Directory by an administrator in the Threema Work Cockpit. The storage periods for Threema IDs and configuration settings are set out under Sections 2.G. and 2.H. hereinabove.

If a Business Customer’s subscription, within which a Company Directory was created, becomes inactive, the Company Directory will not be deleted but only deactivated. If the Business Customer reactivates the corresponding subscription by purchasing new licenses, a deactivated Company Directory will be automatically reactivated.

J. Crash Reports

Processing

In order to improve the stability and reliability of the Threema Work App and to further develop the Threema Work App, Threema relies on crash reports from Work Users.

It depends on the operating system of the mobile device (Android or iOS) used by the Work User which data is processed by Threema when evaluating crash reports of the Threema Work App and how this data is collected by Threema.

Note: As an alternative independent from the operating system, Work Users can voluntarily send crash reports within the Threema Work App to the Threema ID “*SUPPORT.” To send crash reports via the Threema Work App, the debug log (hereinafter “Debug Log”) must be activated in the Threema Work App. The Debug Log is never sent automatically to Threema, but only manually by the Work User.

Categories of Processed Personal Data

iOS: No personal data is processed by Threema when evaluating crash reports from Work Users with an iOS operating system.

Android: No personal data is processed by Threema when evaluating crash reports from Work Users with an Android operating system.

Debug Log of the Threema App: The following personal data is processed when evaluating Debug Logs of the Threema Work App:

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

Legal Basis

The processing of Debug Logs is based on the overriding private interest (bug fixing and improvement of the product) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

This data processing is necessary to fix bugs of the Threema Work App and to further improve the Threema Work App.

Storage Period

The data from Debug Logs of the Threema Work App is stored by Threema on the Threema Servers until their analysis and then anonymized or deleted.

3. Disclosure of Data to Third Parties

In principle, Threema does not disclose to third parties any personal data that is transmitted by the Work User when using the Threema Work App and that is then processed and stored on the Threema Servers.

Verification of Telephone Numbers with the help of F24 or Swissphone

In connection with the verification of telephone numbers, personal data of Work Users, namely their telephone numbers, is processed by F24 or Swissphone in Switzerland (see Section 2.A.).

Verification of Telephone Numbers with Twilio (Only for Work Users Outside of Switzerland and EU/EEA)

In connection with the verification of telephone numbers of Work Users outside of Switzerland and EU/EEA, personal data, namely their telephone numbers, is processed by Twilio in the USA (see Section 2.A.).

Group Calls via SFU of Leaseweb

In connection with Group Calls, personal data of Work Users, namely their IP address, may be processed by Leaseweb in the Netherlands (see Section 2.F.).

Threema reserves the right to disclose personal data to third parties (e.g., lawyers) if it is necessary for the assertion, exercise or defense of legal claims by Threema.

4. Collection of Data from Third Parties

In principle, Threema does not collect from third parties any personal data that is transmitted by the Work User when using the Threema Work App and that is then processed and stored on the Threema Servers.

5. Data Security

In addition to using state-of-the-art encryption methods, Threema takes all necessary technical and organizational measures to prevent unauthorized access and misuse of data of Work Users of the Threema Work App. The security measures are continuously improved in line with technological developments.

6. Control Options of the Work User

In addition to the legal claims of data protection law (see Section 7), Threema provides Work Users with the following control options over their personal data:

Rectification, Completion, and Deletion of Telephone Numbers, Email Addresses, and Nicknames

The Work User may rectify or complete their telephone number, email address and/or nickname in the Threema Work App under “My Profile.”

The Work User may unlink their telephone number and/or email address from their Threema ID at any time by deleting the corresponding data in the Threema Work App under “My Profile.”

Alternatively, the Work User may also unlink the data on the Threema website: Link

The corresponding one-way encrypted hash values of the Work User’s telephone number and/or email address will then be deleted immediately from the Threema Servers.

Deletion of Push Tokens

The Work User may delete the push tokens currently linked to their Threema ID at any time by resetting the push token in the Threema Work App under “About Threema / Troubleshooting.”

Threema Push Instead of Google Push Token

Work Users may use Threema’s own push service “Threema Push” as an alternative to the Google push token. Work Users can find out more about Threema Push in the corresponding FAQ article on the Threema website.

Information About Inventory Data

Work Users may request information about their inventory data, including personal data and configuration settings, stored by Threema and linked to the Work User’s Threema ID at any time by sending the message “info” to the Threema ID “*MY3DATA.” Work Users can find out more in the corresponding FAQ article on the Threema website.

Deletion of All Inventory Data by Revocation

The Work User may immediately delete their Threema ID and all information linked with it, including personal data and configuration settings, at any time. To do so, the Work User must revoke their Threema ID via the following link on the Threema website: Link

The revocation of the Threema ID is irreversible, and a “Revocation Password” must be set in advance in the Threema Work App.

Deletion by Revocation Password also leads to immediate deletion of the Threema ID of the concerned Work User in the Threema Work Cockpit.

Note for administrators of the Threema Work Cockpit: Via App Configuration in the Threema Work Cockpit, administrators may deactivate the revocation function for Work Users.

7. Rights of Work Users

As data subjects, Work Users of the Threema Work App can assert various claims under data protection law against Threema.

If Threema processes personal data on behalf of a Business Customer, i.e. as a processor, claims of data subjects under data protection law must be primarily asserted against the Business Customer as the controller of the data processing. Threema will support the Business Customer in the fulfilment of claims under data protection law by data subjects.

In order to fulfil these claims, Threema may have to process personal data of data subjects. In particular, Threema must be able to identify the data subject in order to ensure that the data subject rights are not exercised by anyone other than the data subject and that no personal data is unlawfully disclosed to third parties.

Regarding the processing of personal data through the use of the Threema Work App, secure identification of the data subject is only possible via algorithmic proof of possession of the private key associated with the Threema ID via a so-called key derivation. This is ensured in the case of automated inventory data information for Work Users via the Threema ID “*MY3DATA” (see Section 6).

Depending on the applicable law, data subjects may exercise the following rights in relation to personal data against Threema:

Right to Information

Art. 25 and 26 FADP [for EU/EEA: Art. 15 GDPR]

A data subject has the right to request information about their personal data processed by Threema.

Right to Correction or Completion

Art. 32 Sec. 2 FADP [for EU/EEA: Art. 16 GDPR]

A data subject has the right to request that Threema corrects inaccurate or completes incomplete personal data without undue delay.

Right to Deletion

Art. 32 Sec. 2 FADP [for EU/EEA: Art. 17 GDPR]

A data subject has the right to request that Threema deletes their personal data without undue delay.

Right to Withdrawal of Consent

only for data processing based on consent; Art. 30 Sec. 2 FADP [for EU/EEA: Art. 7 Sec. 3 GDPR]

A data subject has the right to withdraw their consent to the processing of their personal data by Threema. This has the consequence that Threema may no longer continue the data processing based on this consent. The processing of the Work User’s personal data by Threema up to this point in time on the basis of the Work User’s consent remains lawful.

Right to Objection

only for data processing based on legitimate interests; Art. 30 Sec. 2 FADP [for EU/EEA: Art. 21 GDPR]

A data subject has the right to object to the processing of their personal data by Threema where such personal data is processed based on Threema’s overriding private interests; Art. 31 FADP [for EU/EEA: Art. 6 Sec. 1 lit. f GDPR].

Right to Blocking

Art. 32 FADP [for EU/EEA: Art. 18 GDPR]

For the protection of their personality, a data subject has the right to request that Threema blocks the processing of their personal data.

Right to Data Transfer

Art. 28 and 29 FADP [for EU/EEA: Art. 20 GDPR] [only for data processing based on consent or a contract and with the aid of automated procedures]

A data subject has the right to receive the personal data they have provided to Threema in a structured, commonly used, and machine-readable format, provided that:

8. Timeliness and Amendment of this Privacy Policy

Threema reserves the right to amend this Privacy Policy from time to time in order to comply with changed legal requirements or to implement new features in the Privacy Policy. The current Privacy Policy is always linked in the Threema Work App.