Privacy and Data Practices

Review our Privacy Notice

Effective: May 1, 2026

Applies to: Bangor Savings Bank and any affiliates or subsidiaries that link to this page. In this page, Bangor, we, us, and our all mean Bangor Savings Bank.

Welcome and Purpose

What this Policy Covers

Scope of the Online Services

Key Definitions

Information We Collect

How We Associate and Combine Information

How We Use Information

When We Share Information

Cookies, Tracking Technologies, and Online Advertising

How We Protect Information

How Long We Keep Information

Your Rights and Choices

State Privacy Rights for Non-GLBA Information

Business Line Specific Privacy

Bangor Payroll and HR Services

Wealth Management

Social Media, Third Party Sites, and User Content

Other Legal Notices

Contact Us

Welcome and Purpose

Your privacy and your trust are important to us. This page explains how we collect, use, share, and protect information about you, and what choices you have. 

This page covers both: 

  • Your everyday banking relationship with us, which is generally governed by the Gramm Leach Bliley Act (GLBA) and Regulation P. 

  • Other ways you interact with us online, such as visiting our public website, receiving email from us, viewing our digital ads, or taking part in events and career opportunities. 

Some important things to know about how the laws work: 

  • GLBA and Regulation P apply when you have a consumer financial product or service with us, such as a checking account, savings account, credit card, or loan. 

  • State privacy laws may give you additional rights for information that is not covered by GLBA. For example, information we collect on our public marketing pages, from event registrations, or when you apply for a job. 

  • State privacy laws usually do not apply to GLBA regulated information. When there is a difference, we follow the rule that gives more protection to your information. 

By visiting our online services, using our online tools, or responding to our electronic communications, you are using our online services and the practices described in this page may apply to you. 


What this Policy Covers

This page explains: 

  • Which online and offline services are covered 

  • What information we collect and where it comes from 

  • How and why we use information 

  • When and with whom we share information 

  • How cookies and other tracking tools work, including advertising and personalization 

  • How we combine information from different sources and devices 

  • How we protect information and how long we keep it 

  • Your privacy rights and how to use them 

  • Business line specific practices, such as Banking as a Service, Payroll and HR services, and Wealth Management 

  • Other required legal notices 

  • How to contact us 


Scope of Our Online Services

When we say online services, we mean: 

  • Bangor Savings Bank or its subsidiaries branded websites and online banking pages 

  • Bangor Savings Bank branded online forms, calculators, and tools 

  • Bangor Savings Bank branded email and other electronic messages we send 

  • Online advertising campaigns we place on our own websites and/or on other websites, apps, and services run by others 

  • Official Bangor Savings Bank pages on social media platforms, where our own terms and notices appear 

These online services may be operated by us, our service providers, or our advertising partners. 

If you have a financial product and/or service with us, we use and share your information according to the privacy notice that applies to your account. Our online practicelayer on top of that and describe how your information is collected and used in online contexts. 


Key Definitions

Personal information:

Information that identifies you or can reasonably be linked to you or your household. This may include your name, address, phone number, email, account numbers, online identifiers, and other similar details. 

GLBA information:

Personal information collected in connection with a consumer financial product and/or service for personal, family, or household purposes. 

Non GLBA information:

Personal information collected outside a GLBA covered relationship. Examples include website analytics for visitors who are not logged in, information collected in marketing campaigns, or information you provide as a job applicant.

Service provider:

A company we hire to perform services for us under contract. Service providers must protect any personal information they receive from us and may only use it as we permit.

Advertising partner:

A type of service provider that helps deliver, measure, or improve our ads on our own sites and third party sites.

Sale or targeted advertising:

Some state laws define certain sharing practices as a sale or sharing for targeted advertising. We do not sell GLBA information. In limited cases, we may use information in non-GLBA contexts to deliver or measure interest-based ads as described in the section called "online advertising and personalization".


Information We Collect

We collect information in three main ways: 

  • You give it directly to us. 

  • We collect it automatically when you use our online services. 

  • We obtain it from other sources, such as credit bureaus, payment networks, or our partners.

To make this easier to understand, here is a table with the main types of information we collect, examples, and how we use them. 

Types of Information We Collect

CategoryExamplesWhy we collect 
Contact informationName, mailing address, phone number, email addressTo identify you, open and service accounts, communicate with you, and send legally required notices
IdentifiersDate of birth, government issued identifiers where allowed by law, Bangor Savings Bank customer or user IDs, device identifiersTo verify your identity, meet legal requirements, prevent fraud, and recognize you when you return to our online services
Account and transaction informationAccount numbers, balances, deposits, withdrawals, transfers, card activity, merchant information, statements and account historyTo operate and service your accounts, process transactions, provide online banking features, detect fraud, and meet recordkeeping and reporting obligations
Financial profileIncome, employment details, credit history and scores obtained from credit bureaus and/or applicationsTo evaluate applications, set up and manage accounts and loans, and comply with lending laws and regulations
Device and network dataIP address, browser type and settings, operating system, device make and model, mobile advertising identifiers, screen size, language settings, network information, crash logsTo secure our systems, detect unusual activity, troubleshoot problems, adapt content to your device, and improve performance of our websites and online tools
Usage dataPages visited, links clicked, time spent on pages, search terms used within our site, how you move through our websites or interact with email, whether you opened an email or clicked a linkTo understand how people use our online services, improve layout and content, measure the success of features and campaigns, and tailor some content in non-GLBA contexts
Location dataGeneral non-precise location from IP address, and precise location from the mobile app when you give permission. To support security and fraud detection, provide region specific information, and help you find nearby branches/ATMs or receive location based messages in the app 
Audio and visual informationRecordings of calls with customer service, voicemail messages, ATM and branch camera footageTo improve customer service, document interactions, resolve disputes, and protect customers, employees, and property
Employment related informationJob applications, resumes, interview notes, background check results, and payroll or HR data if your employer uses our servicesTo recruit and hire employees, manage our workforce, and provide payroll and HR services to business clients consistent with law
Inferences and internal analyticsInternal scores, segmentations, or other observations derived from account data, usage, or interactionsTo manage risk, detect potential fraud or misuse, and improve how we design and offer products and services

Sources of Information

Depending on how you interact with us, we may obtain information from: 

  • You directly, when you open an account, complete a form, call us, send a secure message, or interact with our staff. 

  • Your devices, when you visit our websites, view our email, or use online banking. 

  • Our affiliates, consistent with applicable notices and your choices. 

  • Credit bureaus and consumer reporting agencies, to help us verify identity or assess eligibility. 

  • Identity verification and fraud prevention services. 

  • Payment networks and other financial institutions that process or receive your transactions. 

  • Your employer, when your employer uses our payroll or HR services. 

  • BaaS program partners if you use a financial product that involves a partner app or platform. 

  • Public sources, such as government databases or public records, where allowed by law. 


How We Associate and Combine Information

To provide a consistent and secure experience, we may associate information from your browser, mobile device, or other online interactions with other information we have about you. 

Examples of how this can work: 

  • Using identifiers such as IP address, customer ID, device ID, or mobile advertising ID, along with cookies and similar technologies, to recognize you or your device when you return to our sites. 

  • Linking information from multiple browsers or devices that appear to be used by the same customer, so we can recognize your preferences and detect unusual activity. 

  • Matching online usage data with your Bangor Savings Bank profile or account information, when you are logged in or when we can reasonably identify you, so we can secure your session, prevent fraud, and improve or personalize parts of your experience. 

If you are a customer, we may link information collected through online services to your customer profile and use it for the purposes described in this page and in the privacy notices that apply to your accounts. 


How We Use Information

We use the information described above in ways that are consistent with this page, with our GLBA privacy notice, and with applicable laws. Common uses include: 

Provide and manage products and services

  • Opening, reviewing, and servicing accounts and financial products.
  • Processing transactions, payments, deposits, withdrawals, transfers, and other instructions.
  • Maintaining records of your accounts, balances, and activity.

Authenticate and protect

  • Verifying your identity when you open an account, sign in, or contact us.
  • Protecting against fraud, unauthorized transactions, money laundering, and other illegal activities.

  • Monitoring for unusual behavior and applying additional security checks where needed.

Operate, improve, and personalize online services

  • Operating our websites and online tools so that they function on different devices and browsers.
  • Measuring usage, performance, and response to new features.
  • Fixing bugs, errors, and technical issues.
  • Providing more helpful content or offers on our own websites in Non GLBA contexts, where allowed by law.

Communicate with you

  • Sending required legal and regulatory notices.
  • Providing account statements, alerts, and service messages.
  • Responding to your questions and requests.
  • Sending information about products and services you have or may be interested in, consistent with your marketing choices.

Compliance, risk management, and reporting

  • Meeting legal, regulatory, tax, and accounting obligations.
  • Supporting audits, risk assessments, and internal control programs.

Recruiting and employment

  • Reviewing job applications, conducting interviews and background checks.
  • Managing employment records and providing payroll and HR services.

When the law requires it or when we have your consent, we may also use information for other purposes that we describe at the time we collect it.


When We Share Information

We share with companies that perform services on our behalf, such as:

Service providers

We share with companies that perform services for us, such as:

  • Core banking processors, payment processors, and card networks.
  • Statement printers and mail or email delivery services.
  • Cloud hosting providers and technology vendors.
  • Identity verification, fraud prevention, and cybersecurity providers.
  • Analytics, website performance, and advertising measurement partners.

Affiliates

We may share certain information with our affiliates for everyday business purposes, risk management, or as allowed by law and described in your GLBA notice.

Other financial institutions and joint marketing partners

We may share information with other financial institutions to process your transactions or to jointly offer products or services.

Mortgage partners 

We share information with selected mortgage-related service providers as needed to process, underwrite, close, and service mortgage loans. They receive only the information needed to perform their services and must protect it as required by law and contract. 

BaaS and other program partners 

We share information with BaaS program partners as described in the Banking as a Service section below. 

Wealth Management partners 

We share information with custodians, broker dealers, and other investment or advisory partners as needed to provide services and follow securities laws. 

Compliance and legal obligations 

We may share information with regulators, law enforcement, courts, or other parties when required or permitted by law, such as to respond to subpoenas, court orders, or government requests. 

Corporate transactions 

If we sell or transfer part of our business, merge, or reorganize, information may be shared as part of that transaction, subject to confidentiality protections. 

Aggregated and de-identified information 

We may share aggregated or de-identified information that does not identify you personally. We use this for analysis, reporting, and improving our services. 


Cookies, Tracking Technologies, and Online Advertising

What tools we use

We and our service providers may use a variety of tools on our websites and in our electronic communications, and online advertising. These can include: 

  • Cookies, which are small files placed in your browser. 

  • Local storage technologies, which can store information in your browser or device. 

  • Web beacons or pixels, which help us understand whether content or emails were viewed or opened. 

  • SDKs and similar tools in digital services, which may collect identifiers and usage data. 

These tools can be set by Bangor Savings Bank (first party) or by our service providers and advertising partners (third party). 

How we use these tools

We use these technologies to: 

  • Enable basic site functions, such as secure logins, session management, and navigation. 

  • Remember your preferences or settings, such as language, where available. 

  • Measure how many people visit our pages, which pages are used, and in what order. 

  • Help protect against fraud and misuse by identifying unusual patterns. 

Online advertising and personalization

In certain cases, we may work with advertising partners to: 

  • Show Bangor ads on websites and apps that are not operated by us. 

  • Re-engage individuals who have previously visited our websites or interacted with our content (sometimes called retargeting or remarketing).

  • Understand which ads or messages are seen, opened, or acted on. 

  • Measure the results of our campaigns and improve future communications. 

  • Identify general groups of visitors that may be interested in certain products or services. 

Our advertising partners may use cookies, pixels, mobile advertising identifiers, and similar technologies to collect information about your interactions with our websites and with third‑party websites or apps over time. This information may be used to infer interests or preferences and to deliver more relevant advertising. This is sometimes called interest based or online behavioral advertising. 

Any such use is focused on non-GLBA information and is subject to state law and your choices. 

Your choices for cookies and online advertising

You have several ways to control how cookies and similar tools are used: 

  • Browser settings: you can set your browser to block or delete cookies. If you do, some site features may not work correctly. 

  • Advertising opt-outs: Where required by law, we provide a method to opt out of certain sharing of non-GLBA information for targeted or retargeted advertising purposes.

  • Global Privacy Control (GPC): where the law requires it, we treat a valid GPC signal from your browser as a request to opt out of certain types of sharing for targeted advertising. 

We do not use personal information for targeted or retargeted advertising. You may still see Bangor Savings Bank advertisements online, but they are not based on cross-site tracking of your GLBA information.  

We may continue to use cookies or similar tools for required purposes such as security, fraud prevention, basic site functionality, and to understand general website usage. 


How We Protect Information

We use a layered approach to security that includes people, processes, and technology. 

Examples of safeguards include: 

  • Administrative controls such as privacy and security policies, background checks where appropriate, employee training, and clear responsibilities for protecting data. 

  • Technical controls such as firewalls, network monitoring, strong encryption for sensitive data in transit and at rest, multi factor authentication for internal and external access, and regular testing of our systems. 

  • Physical controls such as secured facilities, restricted access to areas where systems are located, and controls for storage and disposal of documents and media. 

We also maintain incident response processes to detect, investigate, and respond to potential security events. If the law requires us to notify you of a certain type of incident, we will do so in line with legal requirements and our internal policies. 

We provide education and tools to help you protect yourself, such as tips on recognizing fraud and phishing, recommended security settings, and ways to lock or monitor your cards and accounts. 


How Long We Keep Information

We retain information only as long as we reasonably need it for the purposes described in this page or as required by law, regulation, or contract. Factors that influence how long we keep information include: 

  • Legal and regulatory retention periods for banking, lending, payment, tax, and employment records. 

  • The time needed to resolve disputes, respond to complaints, and enforce our agreements. 

  • Internal risk management and audit requirements. 

When information is no longer required, we follow our data retention and disposal standards to delete it or convert it to a de identified or aggregated form. 


Your Rights and Choices

Your rights depend on the type of information and where you live.

GLBA and Regulation P rights for banking customers

If you have a consumer financial product or service with us: 

  • You receive a GLBA privacy notice that explains how we share GLBA information and how to limit certain sharing with non-affiliatesGLBA Notice Link

  • GLBA information is generally excluded from state privacy laws, although we may choose to extend some state rights more broadly. 

To exercise your GLBA sharing choices, follow the instructions in your GLBA notice or contact us using the information at the end of this page. 


State Privacy Rights for Non-GLBA Information

Certain states give you rights over some non-GLBA personal information. Depending on your state of residence, these may include: 

  • The right to know what categories of personal information we have collected and the sources, purposes, and categories of recipients. 

  • The right to access or receive a copy of certain personal information in a portable format. 

  • The right to correct inaccurate personal information. 

  • The right to request deletion of personal information, subject to legal exceptions. 

  • The right to opt out of the sale of personal information or sharing for targeted advertising where those concepts apply. 

  • The right to limit the use of certain sensitive categories of personal information where state law provides this. 

  • The right to appeal if we decline to take action on your request. 

We do not sell GLBA information. For non‑GLBA information, we do not sell personal information in exchange for money, and we do not use personal information for targeted advertising. Any online measurement or analytics we perform uses non‑identifiable data. 

Business Line Specific Privacy

Banking as a Service (BaaS)

We work with selected financial technology companies and other program partners to offer products and services where Bangor Savings Bank is the bank and the partner provides the user interface, app, or platform. 

Information partners share with us

When you use a partner app or service that connects to a Bangor Savings Bank account, the partner may send us: 

  • Information from your application or enrollment process. 

  • Identity and fraud check results. 

  • Instructions to open accounts or process transactions on your behalf. 

  • Support information related to your Bangor accounts. 

  • Device and risk information that helps detect suspicious activity. 

Information we share with partners

We may share with partners:

  • Limited account details needed to display balances, recent activity, and other information in the partner app.
  • Transaction status, such as confirmation that a payment was sent or that an error occurred.
  • Compliance or risk related indicators, such as account holds or restrictions.
  • Fraud and security signals designed to detect and prevent misuse.

Bangor Payroll and HR Services

When an employer uses Bangor Payroll or HR services:

Employer information

We collect and use employer contact information, billing details, payment and tax remittance instructions, and related records to provide services to the employer.

Employee information

We process personal information about employees as needed to provide payroll and HR services. This may include name, address, contact details, pay rates, hours worked, tax withholding details, benefits elections, and direct deposit information.

Our role

We generally act as a service provider or processor to the employer for employee information, and we follow our contract with the employer and applicable laws.

  • Employees who want to exercise privacy rights related to payroll or HR data should contact their employer.
  • Employers can use their client portal or relationship manager to make changes or request assistance.

We follow applicable wage, tax, and employment record retention requirements when handling payroll and HR data.

Wealth Management

For customers using Bangor Wealth Management or Bangor Wealth Management of New Hampshire investment or advisory services:

  • We collect and use personal information consistent with securities laws and regulations, including SEC Regulation S and P.
  • We may share information with custodians, broker dealers, investment managers, and other service providers that help us provide investment products and services.
  • You may receive separate privacy notices and disclosures, such as Form ADV, that describe how information is used in those products and services.
  • Where there is a conflict between this page and your specific investment disclosures, the more specific notice will generally govern for those accounts.


Social Media, Third Party Sites, and User Content

Our online services may link to or be accessible from websites and apps operated by others, including social media platforms.

  • This page does not apply to those third-party sites or platforms. Their own privacy and security practices apply.
  • Any content you post on third party platforms, including on official Bangor Savings Bank pages, is subject to the terms and privacy policies of those platforms.
  • We encourage you to review those policies carefully before sharing personal information.


Other Legal Notices

Children's privacy

Our services are not directed to children under 13, and we do not knowingly collect personal information from children without appropriate consent where required by law.

Do Not Track

Some browsers send a Do Not Track signal. There is no broadly accepted standard for how websites should respond to these signals. At this time, we do not act on Do Not Track signals, but we do recognize specific browser based opt out mechanisms, such as Global Privacy Control, where required by state law.

Changes to this page

We may update this page from time to time. When we do, we will change the effective date at the top of the page. If we make a material change, we may provide an additional notice, such as a banner or message.

USA PATRIOT Act notice

Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. This helps the government fight the funding of terrorism and money laundering.

Electronic communications

If you choose to receive disclosures or communications electronically, we may send information by email or present it through our online services, consistent with your consent and with law.

De-identified and aggregated information

We may de-identify or aggregate personal information, so that it can no longer reasonably be linked to a particular individual. We may use and share this information for analysis, research, or other purposes. We do not attempt to re-identify de-identified information except as allowed by law. 


Contact Us

If you have questions about this page, your privacy choices, or how we handle information, you can contact us: 

If you have a financial product or service with us, you can also contact your local branch or relationship manager.