March 6, 2018
Threema GmbH (hereafter «Threema») was founded on the premise of bulletproof data protection. It is our primary goal to store only the absolute minimum of information for the shortest possible time («Privacy by Design»). In addition to using state-of-the-art encryption methods, we take all necessary technical and organizational measures to prevent unauthorized data access and misuse. The processing and protection of data is carried out in accordance with applicable legal regulations and EU Regulation 2016/679 (GDPR).
By using our website, you consent to the collection, processing and use of data as described below.
1. General Information
2. Purpose of Data Processing
Threema processes personal data to enable users to access the web administration interface of the service and to process orders. The data processed within the scope of order fulfillment will be processed exclusively by Threema on its own server infrastructure in Switzerland and will not be passed on to third parties.
Threema does not process special categories of personal data as defined by Art. 9 (1) or Art. 10 GDPR. Based on Art. 5 (1) GDPR, personal data is processed solely as a result of self-declaration and only to the extent required for the Use of the Service.
3. Scope and Duration of Data Processing
A. Inventory data
When creating a profile as well as order and payment processing, the following inventory data are collected or stored:
- Session Cookie (identifies the current browser session to keep an administrator logged in as long as desired when browsing the website)
- Registering a Threema Gateway profile:
- Email address
- Mailing address
- Product purchase:
- Name and address of the invoice recipient for payments by credit card or invoice, if different from the user
Except for the legally required data storage for business purposes, inventory data will only be stored until deleted by the user or the Threema Gateway profile is deleted.
B. Usage data
The following data will be processed or stored within the scope of using the service:
- Service management:
- Timestamp of the last profile login
- Product management:
- Using the «Basic» option of the service, transport encrypted message contents are temporarily stored as plain text in server memory (no storage on hard disk) before transmitted end-to-end encrypted to the recipient.
- Using the «End-to-End» option, only end-to-end encrypted message content is forwarded, whereby Threema has no way to decrypt or read the content.
Data created within the use of the service is deleted immediately and irrevocably upon delivery; undelivered messages two weeks after sending.
4. Data Processed by Third Parties
As a matter of principle, Threema does not pass on any data to third parties.
5. Right to Information, Correction, Blocking, Deletion and Objection
Users have the right to receive information about their personal data stored by Threema at any time. Likewise, they have the right to correct, block, or delete their personal data, apart from the legally required data storage for business purposes.
The user has access to this information and the tools for its appropriate management. Threema will take necessary measures according to user instructions if the user cannot implement them with the tools provided. Administrators can change or revoke their consent with effect for the future with a message to Threema and exercise their right of appeal at the competent authority.
6. Responsible Body
If you have any questions about data protection at Threema or would like to assert your rights, you can contact us directly. Send us an email to firstname.lastname@example.org.
Responsible body and direct contact for questions on data protection at Threema in terms of data privacy law:
Data Protection Officer
8808 Pfäffikon SZ
Representative in the EU according to Art. 27 (1) GDPR: GeKaCe GmbH, Dept. T, Weilerweg 13, 72411 Bodelshausen, Germany.
This is a mere translation of the German version of this document. In case of any discrepancies between the English and German text, the German version shall prevail.