General Privacy Policy
for the Threema Work App
General
With this General Privacy Policy, we want to give you an overview over the processing of your personal data in relation with the “Threema Work App.”
Detailed information about data protection when using the Threema Work App can be found here.
Who is responsible for processing personal data?
Threema GmbH, Churerstrasse 82, 8808 Pfäffikon SZ, Switzerland, is responsible for the processing of personal data. You can contact our Data Protection Officer at privacy at threema dot ch.
If the Threema Work App is used by a Business Customer of Threema, that Business Customer is the controller responsible for data processing. Threema assumes the role of processor for the Business Customer.
What purposes does Threema process personal data for?
We process your personal data for the following purposes:
- Contract performance;
- Bug fixing and product improvement (voluntary and optional);
- License verification.
What personal data is processed?
Depending on how you use the Threema Work App in its latest version, the following personal data is processed:
- Username;
- Threema ID;
- Push token of Google¹ and Apple;
- IP address.
The following personal data is optional for the use of the Threema Work App and will only be processed if you voluntarily provide it:
- Telephone number;
- Email address;
- First name;
- Last name;
- Nickname;
- Category (e.g., job title or department);
- Customer Specific Identifier (“CSI,” e.g., employee number);
- Logfile (as part of “Debug Logs”; see Section 2.J. of the Privacy Policy of the Threema Work App).
All text messages, media files, and voice and video calls between Users of the Threema Work App, including (voluntarily and optionally set) nicknames² and profile pictures, are end-to-end encrypted; Threema is unable to access any of the contents because it doesn’t know the private keys.³
What personal data is processed temporarily?
During an ongoing data transmission, the following personal data is only processed temporarily:
- IP address.
What personal data is stored and for how long?
The following personal data is stored by us (storage period in brackets):
- Threema ID (until revocation).
What personal data is stored linked to the Threema ID, and for how long?
The following personal data is stored by us linked to the Threema ID (storage period in brackets):
- Push token (for 180 days);
- Telephone number (until revocation and only in one-way encrypted form);
- Email address (until revocation and only in one-way encrypted form);
- First name (until revocation and only if voluntarily and optionally set in the app configuration);
- Last name (until revocation and only if voluntarily and optionally set in the app configuration);
- Nickname (until revocation and only if voluntarily and optionally set in the app configuration);
- Category (until revocation and only if voluntarily and optionally set in the app configuration);
- CSI (until revocation and only if voluntarily and optionally set in the app configuration);
What personal data is stored without a link to the Threema ID, and for how long?
The following personal data is stored by us without a link to the Threema ID (storage period in brackets):
- Logfile (until its analysis).
Is personal data disclosed to third parties?
We make every effort to process the personal data that occurs when using the Threema Work App exclusively on our own hardware (servers) in Switzerland.
The following companies located in Switzerland and the EU/EEA are commissioned by us as processors:
- For the verification of telephone numbers, F24 Schweiz AG and Swissphone Wireless AG, located in Switzerland, process telephone numbers to send SMS with verification codes;
- For the establishment and transmission of “Group Calls,” Leaseweb Netherlands B.V., located in the Netherlands, processes IP addresses.
The following companies located outside of Switzerland and the EU/EEA are commissioned by us as processors (only concerning Users outside of Switzerland and EU/EEA):
- For the verification of telephone numbers, Twilio Inc., located in the USA, processes telephone numbers to send SMS with verification codes.
What control options do you have?
In addition to your legal claims under data protection law, Threema provides you with the following control options over your personal data:
- Rectification, completion and deletion of your telephone number and email address in the Threema Work App or via the this link;
- Deletion of your push tokens and the use of “Threema Push” as an alternative to the Google push token in the Threema Work App;
- Immediate information about inventory data in the Threema Work App via this Threema ID;
- Deletion of all inventory data by revoking your Threema ID via this link (requires revocation password).
The control options over your personal data may be restricted by Administrators of the Business Customer controlling the processing of your personal data by means of app configuration settings in the Threema Work Management Cockpit.
What rights do you have?
You have a right to information to Threema and a right to rectification, completion, deletion, and blocking of your personal data as well as a right to withdrawal (of your consent) and to objection (against data processing based on overriding interests).
If Threema processes personal data on behalf of a Business Customer, i.e., as a processor, your rights must be primarily asserted against the Business Customer as the controller of the data processing. Threema will support the Business Customer in the fulfilment of your claims under data protection law.
- ¹ On mobile devices without Google Play services, no push tokens are generated; see Section 2.A. of the Privacy Policy of the Threema Work App.
- ² If the nickname is set by the Work User in the Threema Work App. As an app configuration setting, which Administrators of a Business Customer may voluntarily and optionally set in the Threema Work Management Cockpit, the nickname is linked to the Threema ID of a Work User as inventory data.
- ³ The sole exception are messages to Broadcast IDs; see Section 2.D. of the Privacy Policy of the Threema Work App.