Privacy Policy
1. General
“Threema Gateway” is an application programming interface (hereinafter “API”) for “Business Customers” of Threema GmbH (hereinafter “Threema”) to enable the integration of their own IT systems into the applications of Threema. Note: In principle, Threema Gateway is also available to consumers for private use; for the sake of simplicity, only the term of Business Customers as the primary target audience for Threema Gateway will be used hereinafter.
Threema Gateway forms part of the business software range “Threema Work” together with other applications, namely the “Threema Work App” for mobile devices of “Work Users,” the services of Threema Work’s management cockpit (hereinafter “Threema Work Cockpit”), and “Threema Broadcast.”
The Business Customer manages Threema Gateway via a cockpit hosted on the Threema Servers (hereinafter “Threema Gateway Cockpit”). The Business Customer can create “Gateway IDs” in the Threema Gateway Cockpit to send information as messages from his own IT systems to Work Users and users of the consumer version of the “Threema App” (hereinafter collectively “Users”) and to receive messages from them in his own IT systems as well. A Gateway ID is an eight-digit alphanumeric code starting with an “*”; a public and a private key belong to each Gateway ID.
Threema’s focus lies on data protection and privacy, which is why we provide Business Customers and other interested persons with the information for transparent processing of their personal data in this Privacy Policy.
A. Scope of Application
This Privacy Policy applies to all data processing activities that take place while using Threema Gateway in its latest version and are related to personal data, namely:
A. Calling up the Threema Gateway Cockpit;
B. Setting up the Customer Account;
C. Ordering Credits;
D. Invoicing Credits;
E. Requesting a Gateway ID;
F. Outgoing Messages of a Gateway ID (“Basic” Option);
G. Misuse Protection (hCaptcha).
In principle, this Privacy Policy does not apply to the Threema Work App for mobile devices, the Threema Work Cockpit, and Threema Broadcast; the three aforementioned applications have their separate privacy policies regarding the processing of personal data. This Privacy Policy for Threema Gateway refers to the three aforementioned applications only if particular uses of Threema Gateway have an effect on personal data in these applications.
Threema as the data controller is a limited liability company under Swiss law with its registered office in Pfäffikon SZ (municipality of Freienbach), Switzerland, and business identification number (hereinafter “UID”) CHE-221.440.104.
When Business Customers use Threema Gateway, personal data is, unless stated otherwise in this Privacy Policy, processed and, if necessary, stored exclusively on Threema’s own servers in two data centers of an “ISO 27001”-certified colocation partner located in Zurich, Switzerland (hereinafter “Threema Servers”).
As a company with its registered office in Switzerland, Threema and the data processing it carries out are subject to Swiss data protection law (Federal Act on Data Protection of September 25, 2020, SR 235.1; hereinafter “FADP”). For data subjects residing in the territory of the EU or the EEA (marked with “for EU/EEA”), European data protection law (Regulation (EU) 2016/679 of April 27, 2016, General Data Protection Regulation; hereinafter “GDPR”) may additionally apply.
Personal data pursuant to Art. 5 lit. a FADP [for EU/EEA: Art. 4 No. 1 GDPR] is information that relates to an identified or identifiable natural person.
B. Controller
Threema GmbH
Churerstrasse 82
8808 Pfäffikon SZ
Switzerland
UID: CHE-221.440.104
C. Data Protection Officer
Threema GmbH
Data Protection Officer
Churerstrasse 82
8808 Pfäffikon SZ
Switzerland
Email: privacy at threema dot ch
D. Representative in the EU (Art. 27 GDPR)
ACC Datenschutz UG
Messestrasse 6
94036 Passau
Germany
E. Swiss Supervisory Authority
Federal Data Protection and Information Commissioner (FDPIC)
Feldweg 1
3003 Bern
Switzerland
Telephone: +41 58 462 43 95
Contact form of the FDPIC: Link
2. Processing Activities
Depending on how a Business Customer uses Threema Gateway, Threema processes different categories of personal data for different purposes, based on different legal bases and with different storage periods, if any personal data is stored at all.
A. Calling Up the Threema Gateway Cockpit
Processing
When the Threema Gateway Cockpit as a web-based software is called up, information, including personal data, is automatically sent to the Threema Servers by the browser on the end device of the data subject and stored in a log file.
After processing the full IP address, normally only the first two digits of an IP address are stored in the log file, unless an error occurred when calling up the Threema Gateway Cockpit. In case of an error, the full IP address is stored in the log file.
Categories of Processed Personal Data
When calling up the Threema Gateway Cockpit, the following personal data is processed on the Threema Servers and stored in log files:
- IP address.
Purpose
The aforementioned personal data is processed by Threema for the following purposes:
- Delivery of the Threema Gateway Cockpit in the browser of the data subject;
- Information security.
Legal Basis
The processing and storage of IP addresses is technically necessary and based on the overriding private interest (delivery of the Threema Gateway Cockpit in the browser; contract performance; information security) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].
Necessity
The processing of the IP address is technically necessary to deliver the Threema Gateway Cockpit in the browser of the data subject, to enable the Business Customer to use it as contractually agreed, and to be able to analyze potential technical errors for information security purposes.
Storage Period
The log file with the data subject’s IP address created when the Threema Gateway Cockpit is called up is stored on the Threema Servers for 10 days, counting from the creation date of the log file, and then automatically deleted.
B. Setting up the Customer Account
Processing
In order to access and use Threema Gateway as a Business Customer, the Business Customer must set up a “Customer Account.”
The email address of a Business Customer used to create the Customer Account must be verified in order to activate the Customer Account and thus access Threema Gateway.
In addition, a Business Customer is assigned a randomly generated ten-digit alphanumeric “Customer Number” when creating a Customer Account.
Categories of Processed Personal Data
To create a Customer Account, the following personal data is processed and stored on the Threema Servers:
- Customer Number;
- Email address;
- Name;
- Address;
- Company (optional).
To protect Threema Gateway from misuse when setting up a Customer Account, Threema uses a captcha from the hCaptcha service (see Section 2.G.).
Purpose
The aforementioned personal data is processed by Threema for the following purposes:
- Use of Threema Gateway by the Business Customer (contract performance).
Legal Basis
The processing of personal data for the creation of the Customer Account is based on the overriding private interest (use of Threema Gateway by the Business Customer; contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].
Necessity
The processing of the Business Customer’s personal data is necessary to enable the Business Customer to use Threema Gateway as contractually agreed.
Storage Period
The personal data stored for setting up the Customer Account will be stored on the Threema Servers until revocation, i.e., until deletion of the Customer Account by the Business Customer in the Threema Gateway Cockpit, and then deleted after 14 days.
If a Business Customer does not have any “Credits” for Threema Gateway or any open orders for Credits and has not logged into the Customer Account of Threema Gateway within 1 year, the Customer Account and all linked personal data will be deleted.
Note: Threema is subject to a statutory retention obligation of 10 years in connection with accounting records and accounting vouchers, including any personal data. In addition, Threema reserves the right to retain all data and documents required for the reconstruction of the contractual relationship with a Business Customer, including any personal data, for the duration of the ordinary period of limitation of 10 years.
C. Ordering Credits
Processing
To use Threema Gateway, a Business Customer requires Credits. In principle, one Credit corresponds to one message that can be sent by a Gateway ID.
The Business Customer can order Credits directly via the Threema Gateway Cockpit. After placing the order, an invoice is automatically created and sent to the Business Customer (see Section 2.B.).
Categories of Processed Personal Data
When ordering Credits, the following personal data is processed and stored on the Threema Servers:
- Name;
- Address;
- Company (optional);
- Email address.
To protect Threema Gateway from misuse when ordering Credits, Threema uses a captcha from the hCaptcha service (see Section 2.G.).
Purpose
The aforementioned personal data is processed by Threema for the following purposes:
- Ordering of Credits by the Business Customer to use Threema Gateway (contract performance).
Legal Basis
The processing and storage of personal data when Business Customers order Credits is based on the overriding private interest (contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].
Necessity
This data processing is necessary to perform contracts with Business Customers on Credits for the use of Threema Gateway.
Storage Period
The name, address, and company of a Business Customer will be stored until the deletion of their Customer Account and then deleted after 14 days, subject to retention rights and obligations (see Section 2.B.).
D. Invoicing Credits
Processing
As soon as a Business Customer has accepted a quotation (see Section 2.C.), the data stored for their Customer Account, including personal data, is processed on the Threema Servers for billing purposes.
Categories of Processed Personal Data
To invoice Credits, the following personal data is processed on the Threema Servers:
- Customer Number;
- Name;
- Address;
- Company (optional);
- Email address.
Purpose
The aforementioned personal data is processed by Threema for the following purposes:
- Invoicing for Credits (contract performance).
Legal Basis
The processing of personal data for invoicing is based on the overriding private interest (contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].
Necessity
This data processing is necessary to perform contracts with Business Customers on Credits for the use of Threema Gateway.
Storage Period
The Customer Number, name, address, and company of a Business Customer will be stored until the deletion of his Customer Account and then deleted after 14 days, subject to retention rights and obligations (see Section 2.B.).
If a Business Customer does not pay an invoice within the applicable payment period, the processing of his personal data within the scope of this invoice is automatically terminated. The Business Customer will be automatically informed about the deletion of the invoice.
E. Requesting a Gateway ID
Processing
As soon as a Business Customer has purchased Credits for Threema Gateway, they can request a Gateway ID from Threema via the Threema Gateway Cockpit.
In the request for a Gateway ID, the Business Customer must include the planned use case so that employees of Threema can determine the technical feasibility. The request is processed by Threema together with personal data of the Business Customer.
Categories of Processed Personal Data
When submitting a request for a Gateway ID, the following personal data is processed on the Threema Servers:
- Customer Number;
- Email address.
To protect Threema Gateway from misuse, Threema uses a captcha from the hCaptcha service (see Section 2.G.).
Purpose
The aforementioned personal data is processed by Threema for the following purposes:
- Recording, processing, and answering of requests for Gateway IDs.
Legal Basis
The processing of personal data for requests for Gateway IDs is based on the overriding private interest (use of Threema Gateway by the Business Customer; contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].
Storage Period
The request for a Gateway ID is stored on the Threema Servers until revocation, i.e., until deletion of the corresponding Gateway ID, and then immediately deleted.
The storage period of the personal data of the Business Customer is set out under Section 2.B. hereinabove.
F. Outgoing Messages of a Gateway ID (“Basic” Option)
Processing
With Threema Gateway’s “Basic” option, Business Customers can send information as messages to Users from their own IT systems via a Gateway ID. It is not possible with the “Basic” option to receive messages from Users with a Gateway ID.
In the “Basic” option of Threema Gateway, the public and private key of a Gateway ID are stored on the Threema Servers; the encryption of outgoing message contents also happens on the Threema Servers.
While message contents are immediately encrypted after receiving them on the Threema Servers from the IT systems of the Business Customer via the API, they are temporarily processed in the memory of the Threema Servers in unencrypted form. In contrast, incoming messages from Users to a Gateway ID are deleted on the Threema Servers prior to their decryption.
Note: In the “End-to-End” option of Threema Gateway, message contents of a Gateway ID are never even temporarily processed on the Threema Servers in unencrypted form, but are encrypted and decrypted in the IT systems of the Business Customer. The private key of a Gateway ID remains with the Business Customer, thereby making it impossible for Threema to decrypt and read the encrypted message contents of such a Gateway ID.
Categories of Processed Personal Data
When sending messages from a Gateway ID (“Basic” option), the following personal data is processed on the Threema Servers:
- Message contents (temporarily unencrypted).
Purpose
The aforementioned personal data is processed by Threema for the following purposes:
- Use of the contractually agreed functions of Threema Gateway in the “Basic” option by the Business Customer (contract performance).
Legal Basis
The processing of personal data for sending and receiving messages by a Gateway ID (“Basic” option) is based on the overriding private interest (contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].
Necessity
The processing of personal data is necessary to enable Business Customers to use Threema Gateway in the “Basic” option as contractually agreed.
Storage Period
The messages sent and received by a Gateway ID are never permanently stored on the Threema Servers in unencrypted form.
If the recipient of a message of a Gateway ID has no connection to the Threema Servers, the message of a Gateway ID is stored exclusively in encrypted form for a maximum of 14 days, calculated from the first delivery attempt, and then automatically deleted.
G. Misuse Protection (hCaptcha)
Processing
In order to prevent misuse through forms submitted by machines, Threema uses the captcha of the “hCaptcha” service for all forms and login screens used in Threema Gateway.
hCaptcha is a service of Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA (hereinafter “Intuition Machines”). hCaptcha is “ISO 27001”-certified. Business Customers can find more information on data protection at Intuition Machines under this external link.
The USA as the registered office of Intuition Machines and the probable place of data processing of the hCaptcha service is not on the list of states under Annex 1 to the Ordinance on Data Protection of August 31, 2022 (“DPO”; SR 235.11); therefore, its legislation does not ensure adequate data protection; Art. 16 Sec. 1 FADP in connection with Art. 8 Sec. 1 DPO.
For this reason, personal data disclosed to Intuition Machines is converted to a one-way encrypted hash value on the Threema Servers before it is disclosed.
Note: No personal data is disclosed to Intuition Machines; identification of Business Customers is thereby not possible.
Categories of Processed Personal Data
When solving a captcha, the following personal data is processed on the Threema Servers and disclosed to Intuition Machines in pseudonymized form:
- IP address (one-way encrypted).
Purpose
The aforementioned personal data is processed by Threema and disclosed to Intuition Machines in pseudonymized form for the following purposes:
- Information security.
Legal Basis
The processing of IP addresses on the Threema Servers and their disclosure to Intuition Machines in pseudonymized form is based on the overriding private interest (misuse protection) of Threema; Art. 13 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].
Necessity
This data processing is necessary to prevent misuse through forms in Threema Gateway submitted by machines.
Storage Period
After their pseudonymization and their disclosure to Intuition Machines in pseudonymized form, the IP addresses of Business Customers are immediately deleted on the Threema Servers.
3. Disclosure of Data to Third Parties
In principle, Threema does not disclose to third parties any personal data that is transmitted by the Business Customer when using Threema Gateway and then processed and stored on the Threema Servers. Threema reserves the right to disclose personal data to third parties (e.g., lawyers) if it is necessary for the assertion, exercise, or defense of legal claims by Threema.
4. Collection of Data from Third Parties
In principle, Threema does not collect from third parties any personal data that is transmitted by the Business Customer when using Threema Gateway and then processed and stored on the Threema Servers.
5. Data Security
In addition to using state-of-the-art encryption methods, Threema takes all necessary technical and organizational measures to prevent unauthorized access and misuse of data in Threema Gateway. The security measures are continuously improved in line with technological developments.
6. Control Options
In addition to the legal claims of data protection law (see Section 7), Threema grants Business Customers the following control options over their personal data:
Rectification, Completion, and Deletion of All Stored Personal Data
Business Customers may rectify, complete, or delete stored personal data in the Threema Gateway Cockpit at any time, in particular by deleting their Customer Account.
This is subject to Threema’s retention rights and obligations (see Section 2.B.).
7. Rights of Data Subjects
Data subjects whose personal data is processed within the scope of using Threema Gateway can assert various claims under data protection law against Threema.
If Threema processes personal data on behalf of a Business Customer, i.e., as a processor, claims of data subjects under data protection law must be primarily asserted against the Business Customer as the controller of the data processing. Threema will support the Business Customer in the fulfilment of claims under data protection law by data subjects.
In order to fulfil these claims, Threema may have to process personal data of data subjects. In particular, Threema must be able to identify the data subject in order to ensure that the data subject rights are not exercised by anyone other than the data subject and that no personal data is unlawfully disclosed to third parties.
Depending on the applicable law, data subjects may exercise the following rights in relation to personal data against Threema:
Right to Information
Art. 25 and 26 FADP [for EU/EEA: Art. 15 GDPR]
A data subject has the right to request information about their personal data processed by Threema.
Right to Correction or Completion
Art. 32 Sec. 2 FADP [for EU/EEA: Art. 16 GDPR]
A data subject has the right to request that Threema corrects inaccurate or completes incomplete personal data without undue delay.
Right to Deletion
Art. 32 Sec. 2 FADP [for EU/EEA: Art. 17 GDPR]
A data subject has the right to request that Threema deletes their personal data without undue delay.
Right to Withdrawal of Consent
only for data processing based on consent; Art. 30 Sec. 2 FADP [for EU/EEA: Art. 7 Sec. 3 GDPR]
A data subject has the right to withdraw their consent to the processing of their personal data by Threema. This has the consequence that Threema may no longer continue the data processing based on this consent. The processing of the User’s personal data by Threema up to this point in time on the basis of the User’s consent remains lawful.
Right to Objection
only for data processing based on legitimate interests; Art. 30 Sec. 2 FADP [for EU/EEA: Art. 21 GDPR]
A data subject has the right to object to the processing of their personal data by Threema where such personal data is processed based on Threema’s overriding private interests; Art. 31 FADP [for EU/EEA: Art. 6 Sec. 1 lit. f GDPR].
Right to Blocking
Art. 32 FADP [for EU/EEA: Art. 18 GDPR]
For the protection of their personality, a data subject has the right to request that Threema blocks the processing of their personal data.
Right to Data Transfer
Art. 28 and 29 FADP [for EU/EEA: Art. 20 GDPR] [only for data processing based on consent or a contract and with the aid of automated procedures]
A data subject has the right to receive the personal data they have provided to Threema in a structured, commonly used, and machine-readable format, provided that:
- the processing is based on consent or on a contract; and
- the processing is carried out with the aid of automated procedures.
8. Timeliness and Amendment of this Privacy Policy
Threema reserves the right to amend this Privacy Policy from time to time in order to comply with changed legal requirements or to implement new features in the Privacy Policy. The current Privacy Policy is always linked in the Threema Gateway Cockpit.