Detailed information about data protection when using Threema Gateway can be found here (PDF).
Who is responsible for processing personal data?
Threema GmbH, Churerstrasse 82, 8808 Pfäffikon SZ, Switzerland, is responsible for the processing of personal data.
You can contact our Data Protection Officer at
privacy at threema dot ch.
If Threema Gateway is used by a Business Customer of Threema, that Business Customer is the controller responsible for data processing. Threema assumes the role of processor for the Business Customer.
What purposes does Threema process personal data for?
We process your personal data for the following purposes:
- Delivery of the Threema Gateway Cockpit;
- Contract performance;
- Information security.
What personal data is processed?
Depending on how you use Threema Gateway, the following personal data is processed:
- IP address;
- Email address;
- Customer number
- Company (optional);
- Outgoing message contents of Gateway IDs (temporarily unencrypted).¹
What personal data is processed temporarily?
During an ongoing data transmission, the following personal data is only processed temporarily:
- Outgoing message contents of Gateway IDs in the “Basic” option (temporarily unencrypted).
What personal data is stored and for how long?
The following personal data is stored by us (storage period in brackets):
- IP address (for 10 days);
- Email address (until revocation);
- Customer number (until revocation);
- Name (until revocation);
- Address (until revocation);
- Company (until revocation).
Is personal data disclosed to third parties?
Your personal data collected when using the Threema Gateway will be processed exclusively on our own hardware (servers) in Switzerland and will not be disclosed to third parties.
What control options do you have?
In addition to your legal claims under data protection law, Threema provides you with the following control options over your personal data:
- Rectification, completion, and deletion of all personal data.
What rights do you have?
You have a right to information to Threema and a right to rectification, completion, deletion, and blocking of your personal data as well as a right to withdrawal (of your consent) and to objection (against data processing based on overriding interests).
If Threema processes personal data on behalf of a Business Customer, i.e., as a processor, your rights must be primarily asserted against the Business Customer as the controller of the data processing. Threema will support the Business Customer in the fulfilment of your claims under data protection law.
- ¹ Outgoing message contents of Gateway IDs in the “Basic” option are only encrypted on the Threema Servers and temporarily processed in unencrypted form until then. In contrast, incoming and outgoing messages in the “End-to-End” option are only encrypted and decrypted in the IT systems of the Business Customer.