The Brink’s Company
Data Privacy Framework Privacy Policy
To provide an adequate level of protection for Personal Data received from the European Union (“EU”), Switzerland, and the United Kingdom (“UK”), The Brink’s Company and its subsidiaries and corporate affiliates in the United States identified here (collectively, the “Company”) comply with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (collectively, the “DPF”) as set forth by the U.S. Department of Commerce. The Company has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of Personal Data received from the EU and from the UK, and to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of Personal Data received from Switzerland, pursuant to the DPF (collectively, the “DPF Principles”). This Data Privacy Framework Privacy Policy (the “Privacy Policy”) describes the privacy principles that the Company follows when processing Personal Data received, pursuant to the DPF, from the EU, Switzerland, and the UK that relates to the Company’s: website users, business contacts of current or prospective customers, and service providers and business partners.
For purposes of this Privacy Policy, “Personal Data” means information, in any form, relating to an identified or identifiable individual described above who resides in the EU, Switzerland, or the UK (collectively, the “DPF Countries”) and which is transferred to the Company pursuant to the DPF. If there is any conflict between the terms of this Privacy Policy and the DPF Principles, the DPF Principles shall govern. You can find more information about the Data Privacy Framework program, or to view the Company’s certification to the DPF, by visiting https://www.dataprivacyframework.gov/.
1. The Company’s Collection And Use Of Personal Data
The Personal Data collected and used by the Company includes, for example: business contact information (name, email, phone number, company address, etc.); log-in credentials (username and password) for the Company’s website; contact details for deliveries (delivery address, contact name and phone number); account details (quantity of valuables transferred and holding account); billing information (credit, payment and bank details); and government-issued ID information (customer information file number, Taxpayer Identification number, vehicle registration number, or other identification number(s)), where permitted by applicable law and as necessary for the Company to provide its services.
The Company collects and use Personal Data for the following purpose, among others: to provide the Company’s services (fulfilling orders, managing contracts, processing payments); communicate with the Company’s customers and business contacts and provide customer support; manage customer accounts; market, advertise, and engage in related business development; maintain the Company’s ongoing business operations (recordkeeping, customer data analysis, managing IT infrastructure, market research), and for legal and compliance purposes, (protect the Company, its and or users and defend against legal claims).
In addition, the Company receives Personal Data from users of the Company’s website as described in the Company’s website privacy policy and uses that Personal Data for the purposes described in that policy.
Before processing Personal Data, the Company provides individuals with a notice concerning the processing of their Personal Data. The Company will not use or disclose Personal Data for any purpose that has not previously been disclosed unless: (a) the individual has received notice and an opportunity to exercise choice, as described below, with respect to such use or disclosure; or (b) applicable law permits the use or disclosure without requiring that the Company first comply with the Notice and Choice Principles.
2. The Company’s Disclosure Of Personal Data
On occasion, for purposes of managing product lines and other business interests, the Company’s subsidiaries and affiliates located outside of the U.S. and the DPF Countries may access individuals’ Personal Data. In addition, the Company may disclose the Personal Data of website visitors to other third parties as described in the Company’s website privacy policy referenced above.
The Company may disclose Personal Data to authorized service providers who provide services for the purposes described above. For instance, the Company uses authorized service providers located in the United States to help the Company provide services or to perform services on the Company’s behalf, such as to process payments, fulfill orders, provide customer service, and perform credit checks. Before making such disclosures, the Company obtains written assurances from the service provider that it will safeguard Personal Data in a manner consistent with this Privacy Policy as well as other contractual protections required by the DPF and other applicable laws. If the Company learns that a service provider is using or disclosing Personal Data in a manner contrary to this Privacy Policy, the Company will take reasonable steps to stop and remediate the unauthorized activity. The Company remains liable for unauthorized processing by its service providers to which Personal Data is disclosed, unless the Company proves that it is not responsible for the matter giving rise to the damage.
The Company may be required to disclose, and may disclose, Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. To the extent permitted, the Company will inform the individual before making such disclosure and provide them with a reasonable opportunity to object to such disclosure.
3. Choices for Limiting Certain Uses And Disclosures Of Personal Data
The Company will provide individuals the opportunity to opt out from the following activities in relation to their Personal Data: (a) the disclosure of their Personal Data to a non-agent third party; and (b) the use of their Personal Data for purpose(s) materially different from the purpose(s) for which the Personal Data was originally collected or subsequently authorized by the individual. The Company will provide individuals with clear, conspicuous and readily available mechanisms to exercise their choices should such circumstances arise. Individuals who wish to limit the use or disclosure of their Personal Data should submit their request to dpo_gdpr@brinksinc.com
4. Security For Personal Data
The Company is committed to safeguarding Personal Data. While the Company cannot guarantee the security of Personal Data, the Company takes reasonable precautions to protect Personal Data from loss, misappropriation, and unauthorized access, disclosure and destruction.
The Company utilizes a combination of online and offline security technologies, procedures and organizational measures to help safeguard Personal Data. These measures include reasonable and appropriate administrative, physical, and technical safeguards for Personal Data, for example, storage of Personal Data on a secure server when in electronic form and in physically secure areas when in paper form, firewalls and anti-malware protections, and secure destruction practices. Technical and physical controls restrict access to Personal Data to authorized Company employees with a need to know.
5. Individuals’ Rights With Respect to Personal Data
Upon request, in accordance with the DPF Principles, and subject to applicable limitations and exceptions, the Company will grant individuals access to their Personal Data and will permit them to correct, amend or delete their Personal Data that is inaccurate or incomplete or that is being processed in violation of the DPF Principles. Individuals who wish to exercise these rights can do so by contacting the Company at dpo_gdpr@brinksinc.com. For security purposes, the Company may require verification of the requestor’s identity before responding to the request. Any other inquiry concerning the Company’s processing of Personal Data may also be submitted to the e-mail address above.
6. More Information And What To Do If You Have a Complaint
The Company will conduct periodic self-assessments of its relevant practices to verify adherence to this Privacy Policy, the DPF Principles, and the DPF.
In compliance with the DPF Principles, the Company commits to resolve complaints about our collection, use or disclosure of Personal Data. Any individual who has a complaint concerning the Company’s processing of their Personal Data should submit a personal data privacy complaint through the Company’s online platform accessible here, or via email to dpo_gdpr@brinksinc.com. The Company will promptly investigate, and attempt to resolve, such complaints in accordance with this Privacy Policy and the DPF Principles.
The Company has further committed to refer unresolved complaints to JAMS, a U.S.-based independent recourse mechanism. If you do not receive timely acknowledgment of your DPF-related complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
If your complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for residual claims not resolved by the other DPF mechanisms described above. The Company also is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission.
Effective Date: May 5, 2025