Yes. Visitors can request deletion of contact-form submissions and associated email records by writing to the ScotiaConnect reference service desk. Server-log entries are retained for a short window for security and diagnostics before being automatically purged.
Privacy commitment
Effective date: 2026-04-22. This privacy commitment covers the ScotiaConnect reference site at sconnect.gr.com. The reference site is informational and is not the ScotiaConnect production banking portal; data handled here is limited to what the reference site itself processes. Canadian users have rights under the Personal Information Protection and Electronic Documents Act; EU and UK visitors have rights under the General Data Protection Regulation as applied in the relevant jurisdiction.
Scope of this commitment
Short version. This commitment covers the reference site only. The production ScotiaConnect banking portal has its own privacy documentation, issued to commercial clients during onboarding. Commercial banking privacy notices take precedence over anything on this site for portal-related data.
The ScotiaConnect reference site hosts informational pages about commercial banking workflows. It does not process banking transactions, does not store account balances and does not read customer bank data. Any data referenced on this site is illustrative rather than live customer data. This commitment therefore scopes to the limited data the reference site itself collects: server-side logs, cookie-preference state and voluntary submissions through the contact form.
Data the reference site collects
Three categories of data are collected by the reference site. Server logs record the IP address, user agent, requested URL, referrer and timestamp of each request. Cookie-preference state captures the visitor's choice on the cookie banner when presented. Contact-form submissions capture the fields the visitor chooses to fill in: typically name, email, company and the message body. No payment information is collected by the reference site, and no authentication credentials for any bank portal are requested by the reference site.
Server logs are retained for a short rolling window for security, diagnostic and abuse-detection purposes, then automatically purged. Contact-form submissions are retained for the duration of the service interaction they relate to and for a reasonable period afterwards for audit. Cookie-preference state persists on the visitor's device until cleared by the visitor or by the browser itself.
Processors and locations
The reference site uses a small set of third-party processors: a content-delivery network for static assets, an email-delivery service for contact-form responses, and an optional privacy-respecting analytics provider for aggregate traffic statistics. Processor locations are primarily Canada and the United States. Where a processor stores data outside the visitor's jurisdiction, standard contractual safeguards apply.
User rights
Short version. Visitors can request access to, correction of or deletion of data the reference site holds about them, within the limits imposed by applicable law and by legitimate business purposes such as security diagnostics.
Canadian visitors exercising rights under PIPEDA can request access to, correction of and, where applicable, deletion of personal information held by the reference site. Guidance on Canadian privacy rights is available from the Office of the Privacy Commissioner of Canada. EU and UK visitors exercising rights under the GDPR and the UK GDPR can request access, rectification, deletion, restriction of processing, data portability and objection to processing. US visitors can additionally consult consumer.ftc.gov for federal consumer-privacy guidance.
Requests should be sent to the commercial service desk at service-desk@sconnect.gr.com. Identity verification steps apply before any action is taken, to prevent an unauthorized person from triggering changes on behalf of another visitor.
Cookies and analytics
The reference site uses a minimal set of first-party cookies for session handling and for remembering interface state such as the mobile-menu open state. No advertising cookies are set, and no cross-site tracking cookies are set. Analytics, where used, is configured with IP truncation, without persistent identifiers and without profile building.
Data category reference
| Data category | Retention | Processor location |
|---|---|---|
| Server request logs | Short rolling window, then purged | Canada |
| Cookie preference state | Until cleared by visitor | Visitor device, first-party |
| Contact-form submissions | Duration of interaction, plus audit window | Canada |
| Email delivery logs | Short rolling window, then purged | Canada / United States |
| Analytics aggregates | Aggregate only, no raw-event retention | Canada / European Economic Area |
Frequently asked questions
The ScotiaConnect reference site uses a small number of first-party cookies for session handling and for remembering the mobile-menu open state. No advertising or cross-site tracking cookies are set. Analytics, where used, is configured with IP truncation and without persistent identifiers.
Privacy questions are routed through the ScotiaConnect reference service desk at service-desk@sconnect.gr.com. Canadian users can also reach the Office of the Privacy Commissioner of Canada for guidance on their PIPEDA rights.