Privacy policy

The Privacy Policy (hereinafter “the Rules“) regulates the processing of personal data by AS Trigon Capital and OÜ Sääse Korterid (hereinafter collectively and jointly “Trigon“), we value privacy and personal data protection and follow the principles of data processing set out in this privacy policy. The privacy policy explains how we collect and use personal data including our website 

  1. Terms and definitions
    1. Personal data – means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
    2. Processing of personal data – means any operation or set of operations which is performed on personal data or on sets of Customer’s personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
    3. Customer – any natural or legal person who is using, have used or have expressed an interest to use the services provided by Trigon.
    4. Controller  means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
    5. Third party – any person who is not Trigon’s Customer or employee nor employee.
    6. Processor – means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
    7. Personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
  1. Principles
    1. Trigon and the processors working for us process person data adhering to following principles:
      1. lawfulness, fairness and transparency – the processing is lawful, fair and transparent to the data subject;
      2. purpose limitation – collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
      3. data minimisation – adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
      4. accuracy – the personal data is accurate and up to date; we employ all reasonable measures to ensure that inaccurate personal data is deleted or corrected;
      5. storage limitation – kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
      6. integrity and confidentiality – processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
  1. Security of processing
    1. Trigon applies necessary, and appropriate to a risk, organisational, physical and technological measures to protect personal data. These measures include rules and procedures for employees, for managing data and IT infrastructure, internal and external networks and also protecting all the equipment and the building of Trigon.
    2. Trigon has provided relevant training and instructions to all employees processing personal data.
    3. Trigon may use processors to process personal data, we ensure that all our processors process personal data in accordance with our instructions, applicable law and employing all appropriate organisational and technological security measures.
  1. Lawful basis of processing
    1. Trigon processes personal data to ensure performance of a contract, to comply with legal obligations, out of legitimate interest, or on the basis of data subject’s consent.
    2. We process personal data to perform the contract in order to:
      1. verify and, if appropriate, rectify and/or supplement and update personal data submitted by a Customer;
      2. identify and authenticate an individual;
      3. establish the level of service fees;
      4. ensure the performance of a contract (e.g. debt collection procedures, transmitting debt notices);
      5. protect the interests of Trigon and/or a Customer;
      6. avoid any damage to Trigon;
    3. We process personal data to comply with legal obligations in order to:
      1. make a decisions on whether and on which conditions to provide services to a Customer;
      2. identify a Customer;
      3. assess the reliability of a Customer;
      4. reduce and avoid risks.
      5. combat money laundering and financing of terrorism and to fulfill requirements set out in applicable law or recommendations by supervisory authorities or experts;
      6. perform obligations under applicable law (including transmission of information to the law enforcement authorities, notaries or the Tax and Customs Board);
      7. share Customer’s personal data with Estonian relevant EU and EEA credit and financing institutions and financial intermediaries.
    4. Trigon processes personal data based on legitimate interest:
      1. monitor, develop and maintain Trigon’s IT systems and software;
      2. perform statistical and financial analysis.
    5. We process personal data on the basis of data subject’s consent in order to:
      1. offer Trigon’s services and products to a Customer (e.g. offering or introducing new services or products).
  1. Types of personal data
    1. Trigon may collect Customer personal data from a Customer and from external sources such as public and private databases and other third persons.
    2. The categories of Customer personal data collected and processed by Trigon include, but not only, the following:
      1. Customer identification data (including name, date of birth, personal identification code, identity document data (e.g. copy of passport or ID card) etc.);
      2. Customer’s contact details (including address, telephone number, email address, language etc.);
      3. Customer’s tax residency data, e.g. country of residence, tax identification number, citizenship;
      4. Customer’s field of activity, educational establishment or occupation;
      5. Customer’s financial data (including income, assets, liabilities);
      6. Customer’s transactions, transaction partners and contracts related thereto and information on the performance or non-performance of contracts;
      7. Customer’s preferences, behavior and satisfaction (including data on service use activity, the services being used, Customer’s complaints);
      8. sources of Customer’s assets (e.g. employer, field of activity, transaction partners, business etc.);
      9. Customer’s trustworthiness (e.g. information on the performance or non-performance of contracts, damages caused to Trigon or other persons, connections to money laundering, financing of terrorism, criminal activities etc.);
      10. gathered upon the performance of obligations under the law (e.g. data relating to requests received from law enforcement authorities, notaries, tax authorities, courts, claims by bailiffs, bankruptcy trustees etc.).
      11. 5.2.11.Internet data: data on website visitors’ sessions, cookies, log data and IP addresses.
  1. Data controller or data processor and collection of data
    1. Trigon can be a controller or a processor in various data processing operations. To ensure data subject’s privacy rights Trigon abides by confidentiality principles and strictly limits disclosure of personal data.
    2. Only the persons authorised by Trigon have the right to modify and process personal data.
    3. Trigon processes personal data received directly from the data subject (i.e. person who submitted the personal data) or indirectly through a Customer who is a legal person. Personal data received indirectly is processed by Trigon only in accordance with law.
  1. Transmission to Third Parties
    1. Strictly limited by necessity and pursuant to the purposes, Trigon may publish or forward personal data to following third parties and data processors:
      1. other companies of the Trigon Capital Group;
      2. Estonian and foreign persons involved in the performance of a contract with a Customer;
      3. Trigon’s auditors, legal counsels and other service providers who require Customer’s personal data in order to provide their relevant services, including postal services;
      4. service providers to whom Trigon has delegated all or part of its main activities or activities directly supporting its main activities pursuant to conditions set out in the law;
      5. database administrators to whom Trigon transfers Customer’s personal data under the law;
      6. public database administrators for the purpose of performing queries;
      7. personal data processors;
      8. law enforcement authorities, Financial Intelligence Unit or other persons, in order to fulfil an obligation under the law;
      9. Trigon’s financial consultants or other service providers who require Customer personal data for the provision of seamless services to Trigon, provided that such persons fulfil the organisational, physical and IT requirements established by Trigon for maintaining the confidentiality and security of Customer personal data.
    2. Trigon shall disclose Customer personal data to third persons only to the extent required for achieving the purposes set out in Section 4 of the Rules.
  1. Transmission to foreign countries
    1. Customer personal data is processed in Member States of the European Union or the European Economic Area (EU/EEA), where an adequate level of data protection is ensured.
    2. Customer personal data may be transferred to countries outside the EU/EEA subject to the following conditions:
  • ⎯if a third person requests information obtained or created in the process of performance of public duties under a law or legislation issued on the basis thereof and the data requested do not contain any sensitive personal data;
  • ⎯the European Commission has issued an adequacy decision for the specific non-EU/EEA country;
  • ⎯the United States recipient in question has joined the EU-USA Privacy Shield framework;
  • ⎯the Data Protection Inspectorate has issued a permit for the transfer of data.
  1. Retention of personal data
    1. Trigon retains personal data only as long as this is necessary to fulfil the purpose for which the personal data is processed, unless there is an applicable legal obligation stating otherwise. We retain data as follows:
      1. accounting documents must 7 years as stipulated in the Accounting Act;
      2. data collected on the basis of the Money Laundering and Terrorism Financing Prevention Act shall be retained for 5 years after the end of the business relationship;
      3. Trigon retains other data until the end of the respective retention term specified in the company’s personal data processing inventory;
      4. Trigon shall securely destroy and/or delete all personal data that has fulfilled its purpose or upon expiring of the retention term.
  1. Rights of a private Customer
    1. 10.1.A private Customer has the following rights with regard to the processing of his/her personal data:
      1. 10.1.1.the right to request the rectification of inadequate, insufficient or incorrect his/her personal data;
      2. 10.1.2.the right to object to the processing of Customer personal data if such processing is based on a legitimate interest or on Customer’s consent (e.g. provision of marketing materials or participation in surveys);
      3. 10.1.3.the right to receive information on whether Trigon is processing his/her personal data and the right to access such data;
      4. 10.1.4.the right to restrict the processing of his/her personal data;
      5. 10.1.5.the right to receive his/her personal data provided to Trigon by the herself/himself and processed by Trigon under consent or for the performance of a contract, and to transfer such data to another service provider, if it is technically possible (data portability);
      6. 10.1.6.the right to withdraw his/her consent for the processing of personal data. The withdrawal of consent shall not be retroactive;
      7. 10.1.7.the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her, or which similarly significantly affects him/her;
      8. 10.1.8.the right to file a complaint concerning the use of personal data to the Data Protection Inspectorate (website: if the Customer finds that the processing of his/her personal data violates his/her rights under applicable legislation.
  1. Cookies
    1. The website administered by Trigon,, uses cookies to make the user experience on the website more convenient and the use thereof smoother.
    2. A cookie is a small text file that a web browser automatically saves in the device used by the user.
    3. We use cookies to gather anonymous and generalised statistics on the number of website visitors and information on how the website is used to improve our websites user-friendliness.
    4. It is possible to refuse or block cookies on the device, this may mean that the website may not function properly and all services may not be available. To refuse or block cookies you need to change your browser settings.
  1. Validity and Amendments of the Rules
    1. 12.1.The Rules are available to Customers in Trigon’s office and on the website
    2. 12.2.Trigon may unilaterally amend these Rules, subject to the provisions of applicable legislation.
    3. 12.3.Trigon shall notify Customers of any amendments on Trigon’s website or by other means (e.g. by e-mail or a letter to the Customer’s contacts available to Trigon not later than one month before the amendments enter into force).
  1. Contact information
    1. 13.1.Customers may contact Trigon for requests or to withdraw consent, and private Customers can also contact Trigon to use their rights relating to the processing of their personal data or to file complaints concerning the use of personal data by using the following contact details:

OÜ Sääse Korterid

Pärnu mnt 18

Tallinn 10141