Privacy Policy
Last Updated: October 15, 2026
Saskbank is a registered trademark of Saskatoon Banking Ltd. Saskbank is committed to protecting the privacy of every individual and business that interacts with us. This policy explains what data we collect, why we collect it, and what choices you have. We've organized it by data type so you can find what matters to you quickly.
1. Information We Collect Through Forms
You share information with us directly when you fill out forms on our website or submit documents as part of an account application. This includes:
- Contact form submissions — your name, email address, phone number, and business details you provide when requesting a consultation or asking a question
- Account opening applications — KYC (Know Your Client) documentation required under FINTRAC regulations, including government-issued identification, proof of business registration, corporate documents, and beneficial ownership information
- Newsletter subscriptions — your email address only, used exclusively for delivering our monthly briefing
- Wealth management onboarding forms — financial information, investment objectives, risk tolerance questionnaires, and portfolio details necessary to provide personalized advice through our fee-only wealth management division
We collect only what's necessary. If a field is optional, we label it clearly.
2. Information We Collect Through Cookies
Cookies are small text files stored on your device when you visit our website. We use three categories:
- Essential cookies — these handle session management, security tokens, and login persistence for our online banking platform. They're required for the site to function and cannot be disabled.
- Analytics cookies — we use Google Analytics with anonymized IP addresses to understand page views, traffic sources, and device types. No personally identifiable information is captured through analytics cookies.
- Preference cookies — these store your language preference and accessibility settings so we don't ask you to reconfigure them on each visit.
We don't use advertising cookies, and we don't sell data to third-party advertisers. That's a firm policy — not a marketing statement.
| Cookie Category | Purpose | Duration | Can Be Disabled? |
|---|---|---|---|
| Essential | Session management, security, login | Session / 30 days | No |
| Analytics | Anonymized page views & traffic data | 26 months | Yes |
| Preference | Language, accessibility settings | 12 months | Yes |
3. Information We Collect Through Analytics
When you visit our website, analytics tools record general usage data. This includes:
- Pages viewed and approximate time spent on each page
- Referral source — how you found us (search engine, direct link, external website)
- Browser type and operating system
- Geographic region at the city level — not precise location or street address
- Device type (desktop, tablet, mobile)
Analytics data is aggregated and anonymized. We use it to improve site functionality and content relevance — for example, identifying which resource guides are most frequently downloaded, or whether a particular page loads slowly on mobile devices. We never attempt to re-identify individual visitors from analytics data.
4. How We Use Your Information
The information we collect serves specific, limited purposes:
- Responding to inquiries — when you submit a contact form or request a lending proposal, we use your information to connect you with the appropriate team member and provide the service you've requested
- Processing applications — account opening and lending applications require KYC/AML verification to comply with FINTRAC regulations and OSFI supervisory expectations
- Improving our website — analytics data helps us make better decisions about content, navigation, and online banking platform development
- Service communications — we'll send you transaction confirmations, account notices, and regulatory disclosures related to your account. We won't send marketing material unless you've explicitly opted in
- Regulatory compliance — as a federally chartered Schedule I bank (registration SC-2017-0438), we're required to maintain certain records and submit reports to OSFI, FINTRAC, and the CDIC
5. How We Share Your Information
We hold your data closely, and we don't monetize it. Here's who may access your information and why:
- We don't sell personal information. Not to data brokers, not to advertisers, not to anyone. Full stop.
- Regulatory bodies — we share data with OSFI, FINTRAC, and the CDIC as required by Canadian banking regulations. These disclosures are mandatory and are limited to the information each regulator needs to perform its supervisory function.
- Third-party service providers — our hosting provider, email delivery platform, and security auditors may process data on our behalf. Each is contractually bound by confidentiality and data protection requirements commensurate with the sensitivity of the information they handle.
- Legal requirements — disclosure may occur if required by law, court order, or regulatory directive. We'll notify you if permitted to do so.
6. Your Rights and Choices
You have meaningful control over your data. Here's how to exercise it:
- Access your data — contact us at contact@example.com or call (416) 555-0100, and we'll provide a summary of the personal information we hold about you within 30 days
- Request correction or deletion — if your information is inaccurate or you'd like it removed, we'll accommodate the request, subject to regulatory retention requirements (some records must be kept for compliance purposes even after you ask for deletion)
- Opt out of non-essential cookies — use the "Manage Preferences" option on our cookie consent banner at any time, or clear cookies through your browser settings
- Unsubscribe from communications — every marketing email includes an unsubscribe link. One click, immediate removal, no follow-up questions.
7. Data Retention
We keep data only as long as necessary — whether that necessity is driven by your active relationship with us or by regulatory requirements. Specific timelines:
- Account-related data — retained for 7 years after account closure, as required by OSFI supervisory expectations and FINTRAC record-keeping obligations
- Contact form submissions — retained for 2 years from the date of submission, then permanently deleted
- Analytics data — retained for 26 months (the Google Analytics default), then automatically purged
- Cookie data — retained per the cookie-specific expiry detailed in the table above
- Wealth management records — retained for 7 years after the advisory relationship ends, consistent with securities regulatory requirements
8. Security Measures
We protect your information with institutional-grade security controls:
- 256-bit SSL encryption on every page of our website and online banking platform — your data is encrypted in transit at all times
- Multi-factor authentication on online banking, including SMS verification and authenticator app support
- Regular third-party security audits — our systems are independently tested at least annually by a certified cybersecurity firm, with results reported to our Chief Risk Officer and OSFI
- Employee access controls — data access is granted on a strict need-to-know basis, and every access event is logged and auditable
- Incident response protocol — in the event of a data breach, we'll notify affected individuals within 72 hours and report to the Office of the Privacy Commissioner as required under PIPEDA
9. Contact for Privacy Concerns
If you have questions about this policy or concerns about how your data is handled, reach out directly:
Privacy Officer, Saskbank
199 Clemow Avenue, Ottawa, Ontario K1S 1Z3
Email: contact@example.com
Phone: (416) 555-0100
We take every inquiry seriously and will respond within 10 business days. If our response doesn't resolve your concern, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.