Privacy Policy - Brink's US

Brink’s Global Privacy Statement

Effective Date: 22nd October 2021

Updated: May 18, 2026

• Introduction
• Personal Information We Collect and How We Collect It, Use It, and Retain It
• How We Share Personal Information
• Consent to Data Transfers
• How We Protect Your Personal Information
• Your Rights and Choices
• Children’s Personal Information
• Job Applicants
• Links to Other Sites
• Updates to this Privacy Statement
• Cookie Policy
• Text Messaging
• How to Contact Us
• Supplemental Privacy Notices

Introduction

The Brink’s Company and its affiliates and subsidiaries (collectively, “Brink’s,” “we,” “our,” “us,” or “the Company”) respect your concerns about privacy and recognize the importance of being transparent about our privacy practices. This Privacy Statement describes the types of personal information (“Personal Information”) we obtain, how we may use and retain that Personal Information, with whom we may share it, and the rights and choices available to you with respect to our use of that information. Personal Information means any information that identifies, relates to, describes, or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. This Privacy Statement also describes the measures we take to safeguard the Personal Information we obtain and how you may contact us about our privacy practices or to exercise your rights.

The entity that is responsible for the processing of your Personal Information (i.e., the data controller) is the Brink’s affiliate or subsidiary that operates the relevant website or mobile application or provides Brink’s services (“Services”) to you. You can find the contact details of our affiliates and subsidiaries on our website by clicking on a country name at the top of the home page.

If you are a resident of certain jurisdictions within the United States ("U.S."), the European Union ("EU"), European Economic Area ("EEA"), Switzerland, United Kingdom ("UK"), Canada, Brazil, India, the People’s Republic of China, Singapore, or South Korea, you may be entitled to certain individual rights under laws, including but not limited to the California Consumer Privacy Act of 2018 [as amended by the California Privacy Rights Act of 2020 ("CPRA")] (collectively, "CCPA"); any other applicable U.S. privacy laws, as they are amended or become effective, respectively; the General Personal Data Protection Law (“LGPD”); the Personal Information Protection and Electronic Documents Act ("PIPEDA"); the General Data Protection Regulation ("GDPR"); the UK Data Protection Act 2018; the Information Technology Act ("IT Act"); the Personal Information Protection Law (“PIPL”); the Personal Data Protection Act ("PDPA"); and the Personal Information Protection Act (“PIPA”). Please see the Supplemental Privacy Notices section of this Privacy Statement for a description of your rights and how to exercise them.

This Privacy Statement applies to Personal Information we obtain, including:

• Through our websites, social media pages, mobile applications and other digital platforms we operate or control, whether directly or indirectly via third parties, that reference this Privacy Statement (collectively, the “Online Channels”);

• Directly from you and other customers when you use our Services or purchase our products, and through other offline interactions (“Offline Channels”);

• Through third-party sources, including business partners, advertising and social media companies, and vendors; and

• Through other data collection points that reference this Privacy Statement (collectively, the “Channels”).

This Privacy Statement is meant to apply globally but does not override applicable data privacy laws and regulations in countries where the Company operates. Certain Brink’s entities may also use localized variances of this Privacy Statement, which will be displayed on the relevant Channels and available upon request to the local Data Protection Officer.

Personal Information We Collect and How We Collect It, Use It, and Retain It

We collect, use, and retain Personal Information about you in different ways and from various sources. This section describes the types of Personal Information we collect from you or about you and how we use and retain it.

Categories of Personal Information Collected	Sources of the Personal Information	Purposes for Collecting the Personal Information	Retention Period for the Personal Information
Identifiers Examples include but are not limited to name, address, telephone number, e-mail address, and login credentials; in limited instances, we collect Social Security number, driver's license number, passport number, and/or other government identification numbers.	You, analytics tools, social networks, advertising networks, and third-party sources such as resellers, distributors, banks, credit agencies, risk management service providers, couriers, identity verification, cookies and similar technologies, and other third parties that sell, service or support our products and services.	Provide our products and services; marketing and advertising; manage our business relationship and provide customer service; maintain and service your account; improve, upgrade and enhance our products and services; conduct auditing and due diligence; perform accounting, billing reconciliation and other internal business functions; administer promotions; detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity; comply with applicable laws; exercise and defend our legal rights; and other short-term transient use.	As long as necessary to fulfill the purposes for the collection. Generally, Personal Information is retained for the duration of our relationship with you, plus any legally required record or data retention period and/or any period of time necessary to exercise our legal rights.
Internet or Other Electronic Network Activity Information Examples include but are not limited to browsing history, IP addresses, and credentials.	You, analytics tools, social networks, advertising networks, and third-party sources such as resellers, distributors, banks, credit agencies, risk management service providers, couriers, identity verification, cookies and similar technologies, and other third parties that sell, service or support our products and services.	Provide our products and services; marketing and advertising; manage our business relationship and provide customer service; maintain and service your account; improve, upgrade and enhance our products and services; conduct auditing and due diligence; perform accounting, billing reconciliation and other internal business functions; administer promotions; detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity; comply with applicable laws; exercise and defend our legal rights; and other short-term transient use.	As long as necessary to fulfill the purposes for the collection. Generally, Personal Information is retained for the duration of our relationship with you, plus any legally required record or data retention period and/or any period of time necessary to exercise our legal rights.
Professional or Employment-related Information Examples include but are not limited to job title, business address, business email address, and phone number.	You, analytics tools, social networks, advertising networks, and third-party sources such as resellers, distributors, banks, credit agencies, risk management service providers, couriers, identity verification, and other third parties that sell, service or support our products and services.	Provide our products and services; marketing and advertising; manage our business relationship and provide customer service; maintain and service your account; improve, upgrade and enhance our products and services; conduct auditing and due diligence; perform accounting, billing reconciliation and other internal business functions; detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity; comply with applicable laws; exercise and defend our legal rights; and other short-term transient use.	As long as necessary to fulfill the purposes for the collection. Generally, Personal Information is retained for the duration of our relationship with you, plus any legally required record or data retention period and/or any period of time necessary to exercise our legal rights.
Financial and Commercial Information Examples include but are not limited to bank, credit or debit card number, routing number, card verification value (CVV), bank institution name, credit history, company name, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	You, analytics tools, social networks, advertising networks, and third-party sources such as resellers, distributors, banks, credit agencies, risk management service providers, couriers, identity verification, and other third parties that sell, service or support our products and services.	Provide our products and services; marketing and advertising; manage our business relationship and provide customer service; maintain and service your account; improve, upgrade and enhance our products and services; conduct auditing and due diligence; perform accounting, billing reconciliation and other internal business functions; detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity; comply with applicable laws; exercise and defend our legal rights; and other short-term transient use.	As long as necessary to fulfill the purposes for the collection. Generally, Personal Information is retained for the duration of our relationship with you, plus any legally required record or data retention period and/or any period of time necessary to exercise our legal rights.
Biometric Information	You	Provide our products and services; manage our business relationship and provide customer service; detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity; comply with applicable laws; exercise and defend our legal rights; and other short-term transient use.	As long as necessary to fulfill the purposes for the collection. Generally, Personal Information is retained for the duration of our relationship with you, plus any legally required record or data retention period and/or any period of time necessary to exercise our legal rights.
Audio, Electronic, Visual, Thermal, or Similar Information	On premises monitoring equipment, such as closed-circuit television.	Provide our products and services; detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity; comply with applicable laws; exercise and defend our legal rights; and other short-term transient use.	As long as necessary to fulfill the purposes for the collection. Generally, Personal Information is retained for the duration of our relationship with you, plus any legally required record or data retention period and/or any period of time necessary to exercise our legal rights.

 

Some of the Personal Information we collect may be considered sensitive Personal Information in some jurisdictions.

We also may ask for and collect Personal Information about other people when you use our Services, such as your organization’s authorized signatory, main contact, and beneficial owners. If you choose to submit any Personal Information relating to other people, you represent that you have the authority to do so and permit us to use the information in accordance with this Privacy Statement. The information we request is necessary for the purposes described in the table above. Without this information, we may not be able to provide you with the requested Services.

We may combine data collected from you with other sources to help us improve our products, Services, marketing, and communications, as well as to help expand and tailor our interactions with you. This includes combining Personal Information we obtain through our Online Channels with information we obtain through offline sources, as well as other sources for the purposes described above.

We may anonymize, de-identify, or aggregate Personal Information and use it for the purposes described above and for other purposes to the extent permitted by applicable law. To the extent required by applicable law, we will obtain your consent to do so.

In addition, we may use your Personal Information to comply with our legal obligations, including to comply with and enforce applicable laws and regulations, industry standards, and contractual obligations, as well as our policies and terms and conditions, and to cooperate with law enforcement. We also may use the Personal Information we obtain in other ways for which we provide specific notice at the time of collection and obtain your consent if required by applicable law or contract.

How We Share Personal Information

We will share your Personal Information with Brink’s personnel on a need-to-know basis, including internal legal, compliance, and security experts. We may also share your Personal Information for analytical, processing, and verification purposes. We do this to analyze and optimize our services, verify we are processing complete and accurate information, and for statistical research and analytics. We may share your Personal Information with third parties, including as indicated below.

• Our Affiliates and Subsidiaries. We may share your Personal Information with our parent or affiliates and subsidiaries for the purposes set out in this Privacy Statement.

• Service Providers. We use service providers to help us provide our products and Services and to perform services on our behalf (such as providing security and IT services and support, performing data analysis and analytics, conducting audits, processing payments, assisting with our online advertising activities, fulfilling orders, providing customer service, and performing credit checks). We do not authorize these entities to use or disclose such information except as necessary to perform services on our behalf or to comply with legal requirements.

• Business Partners. We may share Personal Information with unaffiliated third parties who partner with us to deliver our Services or engage in other commercial activities. Depending on the choices you have made and the nature of the joint activity, these third parties may contact you regarding products or services of interest. However, we do not sell your Personal Information to unaffiliated third parties in the traditional ways, such as for their own marketing purposes.

We also may disclose Personal Information about you (1) if we are required or permitted to do so by applicable law, regulation, or legal process (such as a court order or subpoena); (2) to public and government authorities to comply with a legitimate legal request; (3) when we believe disclosure is necessary to prevent physical harm or financial loss to the Company, our employees, our customers, the public, or others as required or permitted by law; (4) to establish, exercise, or defend our legal rights; (5) in connection with an investigation of suspected or actual fraud, illegal activity, security, or technical issues; (6) in the event of a potential or actual sale or transfer of all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution, or liquidation), or other business transaction; and (7) in other ways for which we provide specific notice at the time of collection and obtain your consent to the extent required by applicable law.

Categories of Information Shared

We may share certain categories of your Personal Information with third parties, including as indicated below.

Categories of Personal Information Shared	Categories of Entities with whom We have shared Personal Information	Purposes for Sharing
Identifiers Examples include but are not limited to name, address, telephone number, and e-mail address.	Our affiliates and subsidiaries, business partners, and service providers.	To verify the accuracy of information provided, provide our products and services, provide products and services on our behalf, and perform website analytics.
Internet or Other Electronic Network Activity Information Examples include but are not limited to browsing history and website page views.	Our affiliates and subsidiaries, business partners, and service providers.	To verify the accuracy of information provided, provide our products and services, provide products and services on our behalf, and perform website analytics.
Commercial Information Examples include but are not limited to payment card information.	Our affiliates and subsidiaries, business partners, and service providers.	To verify the accuracy of information provided, provide our products and services, and provide products and services on our behalf.

 

Consent to Data Transfers

We may transfer the Personal Information we collect about you to countries outside of the country in which the information originally was collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your Personal Information to other countries, we will implement appropriate safeguards to help ensure that we protect that information as described in this Privacy Statement and in accordance with applicable law.

How We Protect Your Personal Information

We use commercially reasonable and appropriate administrative, technical, and physical safeguards designed to protect the Personal Information you provide us against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use. However, no data transmitted over the internet or stored or maintained by us or our third-party service providers can be 100% secure. Therefore, we do not promise or guarantee, and you should not expect, that your Personal Information or private communications will always remain private or secure. We do not guarantee that your information will not be misused by third parties. We are not responsible for the circumvention of any privacy settings or security features. You agree that we will not have any liability for misuse, access, acquisition, deletion, or disclosure of your Personal Information.

If you believe that your Information has been accessed or acquired by an unauthorized person, you should promptly contact us as specified in the “How to Contact Us” section of this Privacy Statement so that necessary measures can quickly be taken.

Your Rights and Choices

Subject to applicable law, you may have certain rights and choices in connection with the Personal Information we obtain about you, such as how we use the information and how we communicate with you.

We provide a Supplemental Privacy Notices section below. To the extent specific privacy laws apply to the collection of your Personal Information, this supplemental section outlines the rights that you may have, and how you can exercise those rights.  

To update your preferences, limit the communications you receive from us, or submit a request, please contact us as specified in the “How to Contact Us” section of this Privacy Statement. You can also unsubscribe from our mailing lists by following the “Unsubscribe” link in our emails.

To the extent provided by the law applicable to our processing of your Personal Information, you may request access to the Personal Information we maintain about you or request that we correct, update, complete, amend, or delete your information, or that we restrict the processing of such information by contacting us as indicated in the “How to Contact Us” section of this Privacy Statement.

To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information or responding to requests related to your Personal Information. To the extent permitted by applicable law, a charge may apply before we provide you with a copy of any of your Personal Information that we maintain.

You may be entitled to use an authorized agent to exercise your right to know, delete, or correct your Personal Information. We will require your authorized agent to provide us with either (1) a power of attorney authorizing the authorized agent to act on your behalf or (2) your written authorization permitting the authorized agent to request access to your Personal Information on your behalf. Further, we will require you or your authorized agent to provide us with identifying information to verify your identity. We may also require you to either verify your own identity directly with us or directly confirm with us that you provided the authorized agent permission to submit the request. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

If applicable to you, you can exercise your right to opt-out of the sharing of your Personal Information by contacting us as specified in the “How to Contact Us” section of this Privacy Statement; or by asking us to provide you with a hardcopy “Consumer Access Request” form at any of our physical locations that you visit; or by using an opt-out preference signal that meets the following requirements:

• The signal is in a format commonly used and recognized by businesses. An example would be an HTTP header field or JavaScript object.

• The platform, technology, or mechanism that sends the opt-out preference signal makes it clear to the consumer, whether in its configuration or in disclosures to the public, that the use of the signal is meant to have the effect of opting the consumer out of the sharing of their Personal Information.

If we already have information about you when we receive your opt-out preference signal, we will honor your request to opt-out of the sharing of your Personal Information for all of the Personal Information we have collected about you both online and offline. If we do not already have information about you when we receive your opt-out preference signal, we will honor your request to opt-out of the sharing of your Personal Information for all of the Personal Information we have collected about you from the platform or device that sent the opt-out preference signal. Further, we may ask you for additional information necessary to complete your request. Further information regarding opt-out preference signals and how you can use opt-out preference signals can be found at: https://globalprivacycontrols.org.

If applicable to you, you can also exercise your right to limit the use and disclosure of your sensitive Personal Information by clicking the “Limit the Use of My Sensitive Personal Information” link on our website's homepage and completing the interactive online form; or by asking us to provide you with a hardcopy “Consumer Access Request” form at any of our physical locations that you visit.

Children’s Personal Information

Our Online Channels are designed for a general audience and are not directed to children under the age of 18. We do not knowingly collect or solicit Personal Information from children under the age of 18 through our Online Channels. By using our Online Channels, you represent that you are the age of 18 or older. Contact us if you believe that we have mistakenly or unintentionally collected Personal Information from a child under the age of 18 so we can take steps to remove such Personal Information from our systems and/or comply with any applicable legal requirements.

Job Applicants

If you apply for a job at Brink’s, the Personal Information in your application will be used and retained for recruiting, compliance, and other customary human resources purposes. For more information, please see our job applicant privacy notice here.

Links to Other Sites

Our Online Channels may contain links to other sites and apps on the Internet that are owned and operated by third parties. The information practices of those websites and apps linked to our Online Channels are not covered by this Privacy Statement. We are not responsible for the privacy notices of third-party websites or apps to which our Online Channels link. If you provide any information to such third parties, different rules regarding the collection and use of your Personal Information may apply. We strongly suggest you review such third parties’ privacy notices before providing any data to them.

Updates to this Privacy Statement

This Privacy Statement may be updated periodically to reflect changes in our information practices. We will post a notice on our Online Channels to notify you of significant changes to this Privacy Statement and indicate at the top of the Privacy Statement when it was most recently updated. We encourage you to periodically review this Privacy Statement for the latest information on our privacy practices.

Cookie Policy

We use cookies and similar technologies, including web beacons, pixels, and local storage (collectively “Cookies”), on our Online Channels that collect certain information about you by automated means.

A “cookie” is a small text file that websites send to a visitor’s computer or other Internet-connected device to identify the visitor’s browser or to store information or settings in the browser. Cookies are useful because they allow a website to recognize a user's device. A “web beacon,” also known as an Internet tag, pixel tag, or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server. Web beacons may be used to monitor the number of visitors to a website, to track how users navigate a website, or to count how many emails were actually opened or specific pages or links were actually viewed.

We and/or certain service providers operating on our behalf may use these automated technologies to collect information about your devices, browsing actions, and usage patterns. To the extent that the information collected by our tracking technologies is Personal Information under applicable data protection law, we treat it as Personal Information. The third-party apps, tools, widgets, and plug-ins we may use also may use automated means to collect information regarding your interactions with these features. This information is collected directly by the providers of these features and is subject to the privacy notices of such providers.

We use on our Online Channels both first-party cookies (served directly by our website domain when you visit our Online Channels) and third-party cookies (served by a third-party website when you visit our Online Channels and certain third-party websites with whom we have partnered). Some of these cookies are session cookies (which are automatically deleted when you close your browser) and others are persistent cookies (which remain on your computer or other Internet-connected device for a period of time after you end your browsing session, unless you delete them).

The cookies we use on our Online Channels include functionality cookies (which enable improved website and app performance and an enhanced user experience) and analytics cookies (which help us analyze how you navigate through and use our Online Channels).

Our use of online tracking technologies may be considered a “sale” or “sharing” under certain laws. To the extent that these online tracking technologies are deemed to be a “sale” or “sharing” under certain laws, you can opt out of these online tracking technologies by contacting us as specified in the “How to Contact Us” section of this Privacy Statement or by broadcasting an opt-out preference signal, such as the Global Privacy Control (GPC), on the browsers and/or browser extensions that support such a signal. To download and use a browser supporting the GPC browser signal, click here. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.

With respect to analytics cookies, we use third-party analytics services on our Online Channels, such as those of Amplitude and Google Analytics. To learn more about Google Analytics and how to opt out, please visit: https://policies.google.com/technologies/partner-sites.

How to Change Your Cookie Settings

You can stop certain types of cookies from being downloaded on your device by selecting the appropriate settings on your web browser. Most web browsers will tell you how to stop accepting new browser cookies, how to be notified when you receive a new browser cookie, and how to disable existing cookies. The following external links will explain how to manage cookies for the most common browsers:

• Google Chrome

• Microsoft Edge

• Mozilla Firefox

• Microsoft Internet Explorer

• Opera

• Apple Safari

To find out how to manage cookies for other browsers, please click “help” on your browser’s menu or visit www.allaboutcookies.org. In addition, your mobile device settings may allow you to prohibit mobile app platforms (such as Apple and Google) from sharing certain information obtained by automated means with app developers and operators such as us. Our Online Channels respond to “do not track” signals received from browsers. Please note that without cookies or other automated tools we use to collect this type of data, you may not be able to use all the features of our Online Channels.

Text Messaging

As part of Brink’s short messaging service (“SMS” or “text message”) notification program, we collect mobile phone numbers provided by business clients to send operational notifications via SMS. Mobile information is not shared with third parties for marketing or promotional purposes. Text messaging originator opt-in data and consent is not shared with any third parties.

Potential fees for SMS Messaging

Please note that standard message and data rates may apply, depending on your carrier’s pricing plan.

Frequency of SMS Messages

Message frequency varies based on your service activity.

Opt-in Method

You can opt in to receiving SMS messages by entering a business phone number in our online portal.

Opt-out Method

You can opt out of receiving SMS messages at any time. To do so, simply reply “STOP” to any SMS message you receive from us. After unsubscribing, we may send you confirmation of your opt-out via SMS message. Alternatively, you can contact us directly at dataprivacy@brinks.com or 804-289-9600 to request removal from our SMS messaging list.

Help

If you are experiencing any issues or need assistance, you can reply to any SMS message you receive from us with the word “HELP”. Alternatively, you can contact us directly at dataprivacy@brinks.com or 804-289-9600 to seek assistance.

For more information about our SMS program, see our Text Messaging Terms of Service.

How to Contact Us

If you have any questions about this Privacy Statement or would like to exercise your privacy rights under applicable law, please contact us by:

Email: dataprivacy@brinks.com

Phone Call: 804-289-9600 and ask for the Brink’s Privacy Officer.

Send mail addressed to:

The Brink’s Company
PO Box 18100
1801 Bayberry Court
Richmond, VA 23226-8100

You may also contact the Brink’s affiliate or subsidiary that operates this site or application, or which provides the Services to you. You can find a full list of our affiliates and subsidiaries on our website.

Supplemental Privacy Notices

Additional Information for Residents of Certain U.S. States

This supplemental section of Brink’s Global Privacy Statement is directed at and applies to residents of certain U.S. states who may have certain rights and choices regarding their Personal Information under state data privacy laws (all such laws collectively referred to hereafter as “State Privacy Laws”).

To the extent any State Privacy Laws apply to our collection of your Personal Information, this supplemental section of our Global Privacy Statement outlines the individual rights you may be entitled to and how to exercise those rights. We may process sensitive Personal Information, sensitive personal data, and/or sensitive data inferences, as those terms are defined by State Privacy Laws. When we process such data, we do so with your consent. You may exercise the rights below by contacting us as specified in the “How to Contact Us” section of the Global Privacy Statement.

Your Privacy Rights

• Right to Know and Access Specific Information and Data Portability. You may have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. Once we receive and confirm a verifiable consumer request from you, we will disclose to you, to the extent permitted and/or required by law:

• The categories of Personal Information we collected about you, and whether we share your information with third parties.

• The specific pieces of Personal Information we hold about you.

• The categories of Personal Information shared within the last twelve (12) months.

• The categories of sources from which Personal Information about you is collected.

• Our business or commercial purposes for collecting or sharing your Personal Information.

• The categories of third parties with whom your Personal Information is shared or disclosed for a business purpose.

You may have the right to request that the Information described above be provided to you in a commonly used, machine-readable format, to the extent technically feasible.

• Deletion Request Rights. You may have the right to request that we delete the Personal Information that we collected from you, subject to certain exceptions. To the extent that we can delete your Personal Information, once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information, unless an exception applies.

• Right to Correct Inaccurate Personal Information. To the extent that we may maintain inaccurate Personal Information, you have the right to request that we correct such inaccurate Personal Information taking into account the nature of the Personal Information and the purposes of the processing of the Personal Information. Once we receive and verify your verifiable consumer request, we will use commercially reasonable efforts to correct your Personal Information, if we determine that it requires correcting.

• Sharing of Personal Information and the Right to Opt Out. You may have the right to opt out of the processing of your Personal Information for the following purposes:

  • Targeted Advertising.

  • Sharing of your Personal Information for cross-context behavioral advertising.

  • Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

• Right to Limit Use and Disclosure of Sensitive Personal Information. You may have the right to request that we limit the ways we use and disclose your sensitive Personal Information (as defined by State Privacy Laws) to uses which are necessary for us to perform the Services, or deliver the goods reasonably expected by you, or as authorized by law.

• Right to Non-Discrimination. You may have a right to not be discriminated against in the Services or quality of Services you receive from us for exercising your rights. We may not, and will not, treat you differently because of your data subject request activity. As a result of your data subject request activity, we may not and will not deny goods or Services to you, charge different rates for goods or Services, provide a different level of quality of goods or Services, or suggest that we would treat you differently because of your data subject request activity.

• Right to Disclosure of Direct Marketers. You may have a right to the categories and names/addresses of third parties that have received your Personal Information for their direct marketing purposes upon simple request, and free of charge.

• Right to Appeal. You may have the right to appeal our denial of any request you make under this section. To exercise your right to appeal, please submit an appeal request to us by contacting us as specified in the “How to Contact Us” section of the Global Privacy Statement. If you are not satisfied with the results of your appeal, you may contact the Attorney General in your state to file a complaint.

Depending on the State Privacy Law applicable to you, there may be limits on the number of times you may make certain requests outlined above within a twelve (12) month period. In the event you exceed these limits, we may be entitled to charge you a reasonable fee to comply with your request.

Additional Information for Residents of California

This supplemental section of Brink’s Global Privacy Statement applies solely to the Personal Information we collect online and offline of California consumers and B2B customers. This Statement is intended to address the relevant notice requirements of the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, “CCPA”) and uses certain terms that have the meaning given to them in the CCPA. This notice supplements our Global Privacy Statement and is not intended to contradict or limit the applicability of the information provided in the Global Privacy Statement. If we intend to collect, use, retain, or share your Personal Information for any purpose that is incompatible with the purposes for which your Personal Information was collected, we will obtain your consent to do so.

“Sensitive Personal Information” is a subcategory of Personal Information and means Personal Information that reveals: (a) an individual's social security, driver's license, state identification card, or passport number; (b) an individual's account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (c) an individual's precise geolocation; (d) an individual's racial or ethnic origin, religious or philosophical beliefs, or union membership; (e) the contents of an individual's mail, email, and text messages unless the Company is the intended recipient of the communication; (f) an individual's genetic data; (g) an individual's biometric information used to uniquely identify the individual; (h) Personal Information collected and analyzed regarding an individual's health; and (i) Personal Information collected and analyzed regarding an individual's sex life or sexual orientation.

Notice of Collection and Use of Personal Information

We may collect the following categories of Personal Information about you: 

• Identifiers including but not limited to your real name, alias, postal address, unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers, and similar technology; Brink’s account number, unique pseudonym, or user alias; telephone number and other forms of persistent or probabilistic identifiers), online identifier, IP address, email address, account name, Social Security number, driver’s license number, passport number, and other similar identifiers;

• Additional Data Subject to Cal. Civ. Code § 1798.80 such as signature, state identification card number, bank account number, credit card number, debit card number, and other financial information;

• Commercial Information including but not limited to property records, contract details, account IDs, products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies;

• Professional or Employment-Related Information including but not limited to job title, business address, business email address, and business phone number.

• Online Activity such as Internet and other electronic network activity information, including but not limited to, browsing history, search history, and information regarding your personal or business interactions with websites, applications, or advertisements;

• Protected Classifications such as race, color, national origin, age, sex, gender, citizenship status, and military and veteran status, and other characteristics of protected classifications under California or federal law;

• Sensory Information such as audio, electronic, visual, and similar information; and

• Inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

We may use your Personal Information for the purposes described in this supplemental notice and for certain business purposes specified in the CCPA, as described below.

• Performing Services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytics services, or providing similar services;

• Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance;

• Short Term Use, including, but not limited to, the contextual customization of ads shown as part of the same interaction;

• Detecting Security Incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;

• Debugging to identify and repair errors that impair existing intended functionality;

• Internal R&D for technological development and demonstration;

• Safety, including undertaking activities to verify or maintain the quality or safety of a Service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the Service or device that is owned, manufactured for, or controlled by us.

We also may collect additional information or use the information listed above in other ways for which we provide specific notice at the time of collection.

Our Prior Collection, Use, and Disclosure of Personal Information

We may have collected and used your Personal Information, as described in the “Notice of Collection and Use of Personal Information” section of this supplemental notice, during the 12-month period prior to the date this supplemental notice was last updated. For the Personal Information collected during that timeframe, we describe below: (1) the categories of sources from which we may have obtained the Personal Information; (2) the categories of third parties with whom we may have shared the information; and (3) the categories of Personal Information we may have shared.

Sources of Personal Information. We may have obtained Personal Information about you from various sources, including as described below.

• Directly from you (such as when you purchase and use our products or Services; contact us with requests, feedback, or suggestions; or provide product invitations or referrals);

• Your devices (such as when you visit our websites or apps);

• Our affiliates and subsidiaries;

• Our service providers and business partners;

• Unaffiliated third parties with whom we partner to deliver our Services or engage in other commercial activities;

• Government entities, law enforcement authorities, and third-party subpoenas;

• Monitoring equipment at our physical sites; and

• Publicly available sources.

Sharing of Personal Information. We may have shared your Personal Information with certain categories of third parties, as described below, including for the business purposes described above.

• We may have shared the following categories of your Personal Information with our affiliates and subsidiaries: identifiers, additional data subject to Cal. Civ. Code § 1798.80, commercial information, online activity, sensory information and inferences.

• We may have shared the following categories of your Personal Information with our service providers: identifiers, additional data subject to Cal. Civ. Code § 1798.80, commercial information, online activity, sensory information, and inferences.

• We may have shared the following categories of your Personal Information with our business partners: identifiers, additional data subject to Cal. Civ. Code § 1798.80, commercial information, online activity, sensory information, and inferences.

• We may have shared the following categories of your Personal Information with professional services organizations (such as auditors and law firms): identifiers, additional data subject to Cal. Civ. Code § 1798.80, commercial information, online activity, sensory information, and inferences.

• We may have shared the following categories of your Personal Information with government entities and law enforcement authorities in limited circumstances as described in this supplemental notice: identifiers, additional data subject to Cal. Civ. Code § 1798.80, commercial information, online activity, sensory information, and inferences.

• We may have shared the following categories of your Personal Information with data analytics providers: identifiers, additional data subject to Cal. Civ. Code § 1798.80, commercial information, online activity, sensory information, and inferences.

• We may have shared the following categories of your Personal Information with third parties in the event of a corporate transaction, such as an acquisition: identifiers, additional data subject to Cal. Civ. Code § 1798.80, commercial information, online activity, sensory information, and inferences.

However, we do not:

• Share or disclose your Personal Information to third parties other than the entities or service providers contemplated in our Global Privacy Statement or this supplement;

• Share or disclose your Sensitive Personal Information to third parties for purposes other than those listed in our Global Privacy Statement, this supplement, or otherwise permitted by the CCPA;

• Sell your Personal Information to unaffiliated third parties in the traditional ways, such as for their own marketing purposes; or

• Permit third parties to collect your Personal Information on our behalf other than our service providers contemplated in our Global Privacy Statement.

Your Privacy Rights

As a California resident, you have the following privacy rights regarding your Personal Information:

• The right to know and right to access the Personal Information we have collected about you, including the categories of Personal Information; the categories of sources from which the Personal Information is collected; the business or commercial purpose for collecting or sharing Personal Information; the categories of third parties to whom the business discloses Personal Information; and the specific pieces of Personal Information the business has collected about the consumer;

• The right to delete Personal Information that we have collected from you, subject to certain exceptions;

• The right to correct inaccurate Personal Information that we maintain about you;

• The right of portability, or right to have us transfer your Personal Information to other persons or entities upon your request;

• The right to limit the use of your Sensitive Personal Information;

• The right to opt-out of the sharing of your Personal Information to third parties; and

• The right not to be discriminated against for exercising your privacy rights.

You can exercise your right to know, delete, or correct your Personal Information by emailing us at: dpo_ccpa@brinksinc.com or calling us at: (877) 275-4584. To protect the security of your Personal Information, we will require you to verify your identity by providing us with identifying information such as your personal email address, personal telephone number, home address, and/or other information that we can match with the Personal Information we have already collected about you to verify your identity.

You may use an authorized agent to exercise your right to know, delete, or correct your Personal Information. We will require your authorized agent to provide us with either (1) a power of attorney authorizing the authorized agent to act on your behalf or (2) your written authorization permitting the authorized agent to request access to your Personal Information on your behalf. Further, we will require you or your authorized agent to provide us with identifying information to verify your identity. We may also require you to either verify your own identity directly with us or directly confirm with us that you provided the authorized agent permission to submit the request.

You can exercise your right to opt-out of the sharing of your Personal Information by emailing us at: dpo_ccpa@brinksinc.com; or by calling us at: (877) 275-4584; or by asking us to provide you with a hardcopy “Consumer Access Request” form at any of our physical locations that you visit; or by using an opt-out preference signal that meets the following requirements:

• The signal is in a format commonly used and recognized by businesses. An example would be an HTTP header field or JavaScript object.

• The platform, technology, or mechanism that sends the opt-out preference signal makes it clear to the consumer, whether in its configuration or in disclosures to the public, that the use of the signal is meant to have the effect of opting the consumer out of the sharing of their Personal Information.

If we already have information about you when we receive your opt-out preference signal, we will honor your request to opt-out of the sharing of your Personal Information for all of the Personal Information we have collected about you both online and offline. If we do not already have information about you when we receive your opt-out preference signal, we will honor your request to opt-out of the sharing of your Personal Information for all of the Personal Information we have collected about you from the platform or device that sent the opt-out preference signal. Further, we may ask you for additional information necessary to complete your request. Further information regarding opt-out preference signals and how you can use opt-out preference signals can be found at: https://globalprivacycontrols.org.

You can exercise your right to limit the use and disclosure of your Sensitive Personal Information by emailing us at: dpo_ccpa@brinksinc.com; or by calling us at: (877) 275-4584; or by asking us to provide you with a hardcopy “Consumer Access Request” form at any of our physical locations that you visit;

In addition to the privacy rights above, individual California residents have the right under the California Online Privacy Protection Act (CalOPPA) to request information about our disclosures of certain categories of Personal Information to our affiliates or third parties for their direct marketing purposes. We will provide a list of the categories of Personal Information disclosed to third parties or our affiliates for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties or affiliates. This request may be made no more than once per calendar year. Individual California Users must submit their requests to us either by email at: dpo_ccpa@brinksinc.com; or write us at the mailing address in the Changes and Contact section below. We reserve our right not to respond to requests submitted other than to the email or mailing addresses specified in this notice and the Global Privacy Statement.

For additional questions or concerns about our privacy policies and practices, please contact us as described in the “How to Contact Us” section of our Global Privacy Statement.

Additional Information for Individuals Located in Brazil

This supplemental section of Brink’s Global Privacy Statement is directed at and applies to individuals located in Brazil or wherever Brazil's General Data Protection Law (“LGPD”) is applicable.

Brink’s Brazil-based Entities

(i) BRINK'S SEGURANÇAÇA E TRANSPORTE DE VALORES LTDA., a private legal entity, registered with the CNPJ/ME under No. 60.860.087/0001-07, headquartered at Rua José Amato, nº 310, Casa Verde, in the City of São Paulo, State of São Paulo, CEP 02.518-120;

(ii) BVA BRINKS VALORES AGREGADOS LTDA., A PRIVATE LEGAL ENTITY, REGISTERED WITH THE CNPJ/ME UNDER No. 50.891.555/0001-49, headquartered at Rua Marambaia, 183, Casa Verde, in the City of São Paulo, State of São Paulo, CEP 02.513-000;

(iii) BGS - AGENCIAMENTO DE CARGA E DESPACHO ALFÂNDEGA LTDA., a private legal entity, registered with the CNPJ/ME under No. 50.707.702/0001-88, headquartered at Rua Marambaia, 183, Casa Verde, in the City of São Paulo, State of São Paulo, CEP 02.513-000;

(iv) BSL – BRINKS – SOLUÇÕES LOGÍSTICAS LTDA., a private legal entity, registered with the CNPJ/ME under No. 26.193.944/0001-16, headquartered at Rua Silverio Gonçalves, 347, Vila Maria Luisa, in the City of São Paulo, State of São Paulo, CEP 02.754-000;

(v) BRINK'S E-PAGO TECNOLOGIA LTDA., a private legal entity, registered with the CNPJ/ME under No. 07.436.770/0001-20, headquartered at Rua Antonio Artioli, 570, Swiss Park, in the City of Campinas, State of São Paulo, CEP 13.049-253;

(vi) MUITO FACIL ARRECADAÇÃO E RECEBIMENTO LTDA., a private legal entity, registered with the CNPJ/ME under No. 02.789.417/0001-00, headquartered at Rua Antonio Artioli, 570, Swiss Park, in the City of Campinas, State of São Paulo, CEP 13.049-253;

(vii) BRINKS PAY INSTITUIÇÃO DE PAGAMENTO LTDA., a private legal entity, registered with the CNPJ/ME under No. 09.437.293/0001-43, headquartered at Rua Antonio Artioli, 570, Swiss Park, in the City of Campinas, State of São Paulo, CEP 13.049-253;

(viii) TRANSPAR - BRINK'S ATM LTDA, A PRIVATE LEGAL ENTITY, REGISTERED WITH THE CNPJ/ME UNDER No. 43.423.003/0001-40, headquartered at Rua Samarita, 1117, Jardim das Laranjeiras, in the City of São Paulo, State of São Paulo, CEP 02.518-080;

(ix) BRINK'S FINANCE HOLDING BRASIL LTDA, a private legal entity, registered with the CNPJ/ME under No. 46.531.493/0001-97, headquartered at Rua Samarita, 1117, Jardim das Laranjeiras, in the City of São Paulo, State of São Paulo, CEP 02.518-080.

All hereinafter referred to as "We" or "Brinks."

By using our Website and by accepting our terms and conditions, You expressly agree to the Processing of your Personal Data as described in this Policy and that the Controller of Personal Data, i.e. the one responsible for making decisions about the Processing of your Personal Data, will be Brink's, its subsidiaries and all companies belonging to its economic group.

After reading this Policy, if you have questions, complaints, or want to exercise your rights related to your Personal Data and/or communicate with us about this matter, our Data Officer is available. Just access the "Contact Us" section on our Website, select the "I Want to Talk to Someone About" field and then select "Personal Data Protection" available at https://br.brinks.com/pt/contact.

How Data is Processed

The data, including Personal Data, indicated below may be processed when you interact with us on our Website, especially when you submit questions and requests regarding our services through our Service Channel called “Contact Us.”

Data Processed	Purposes of processing
Service Channel Contact Us
Full Name CNPJ Number Business Name Contact phone number Email	Identify and authenticate you. Contact you in case of questions and requests sent through our Service Channel. To expand the relationship between you and Brink’s by informing you about news, features and promotions that we consider relevant to you. To comply with the obligations arising from the use of our services, including to comply with legal and regulatory provisions.
Registration Data
Full name Email	Register yourself in our logged-in area. Identify and authenticate you. To comply with the obligations arising from the use of our services, including to comply with legal and regulatory provisions.
Resume submission Careers
Full name Date of Birth CPF Nationality Full Address Phone Email Gender	Identify and authenticate you. Evaluate your application for vacancies and opportunities at Brink's.
Digital Identification Data
IP address and source logical port Device (OS version) Geolocation Timestamps for actions you take Which screens were accessed Session ID Cookies	Identify and authenticate you on the Site. Comply with legal record-keeping obligations established by the Brazilian Civil Rights Framework for the Internet – Law No. 12,965/2014. Protect you with regard to fraud prevention, credit protection and associated risks, and compliance with legal and regulatory obligations.

 

Your Privacy Rights

When Brink’s acts as a data controller, you are entitled to the following rights:

• Confirmation of the existence of processing of your Personal Data;

• Access to your Personal Data;

• Correction of incomplete, inaccurate, or outdated Personal Data;

• Anonymization, blocking, or elimination of unnecessary or excessive Personal Data or of Personal Data processed in noncompliance with the provisions of applicable law;

• Portability of the Personal Data to other service providers or suppliers of product and services, at the express request, and observing business and industrial secrets, in accordance with the regulation of the controlling body;

• Elimination of the Personal Data processed with the consent of the data subjects, except in the events set forth in article 16 of the LGPD;

• Information of the public and private entities with which the controller carried out the shared use of Personal Data;

• Information on the possibility of not providing consent and on the consequences of the denial; and

• Revocation of consent.

To exercise these rights, or if you believe we are violating your rights, please contact us as specified in the “How to Contact Us” section of the Global Privacy Statement. Alternatively, you can access the "Contact Us" section on our Website, select the "I Want to Talk to Someone About" field and then select "Personal Data Protection" available at https://br.brinks.com/pt/contact. Your request regarding your rights as a data subject may be legally denied in certain circumstances, you may also lodge a complaint with a supervisory authority. In the event that we are unable to comply with these requests, we will provide reasonable justification.

Collection and Use of Personal Information

As described in the Global Privacy Statement, certain personal data is necessary for us to establish, maintain, and improve our business relationships. In addition to the Personal Information listed in the Global Privacy Statement, Brink’s may request your CPF to individualize and verify our relationship with you. The Global Privacy Statement explains the purposes for which we process your personal data, provided that such processing does not infringe your fundamental rights and freedoms.

International Transfers

In accordance with the Global Privacy Statement, your personal data may be transferred to, stored or processed in the United States or other countries that may not have equivalent privacy or data protection laws. The Data processed will be stored on servers located in Brazil, as well as in a resource use environment or servers in the cloud, which may require processing of this Data outside Brazil. In general, we use specific contractual clauses as required by the LGPD to ensure that Personal Data is adequately protected when transferred outside of Brazil to countries without an appropriate level of data protection.

Where we provide the Brink’s Brazil Privacy Statement for a particular product, service, or activity, the terms of that statement will control. For more specific information about our privacy practices under the LGPD, see the Brink’s Brazil Privacy Statement located here.

Data Retention

The Personal Data processed and associated activity records are stored in a secure and controlled environment for a minimum period of time that follows the table below:

Storage Term	Legal Basis
As long as the relationship lasts and there is no request for erasure or revocation of consent	Article 9, item II, of the General Law for the Protection of Personal Data
5 years after the end of the relationship	Article 27 Consumer Protection Code
6 months for digital identification data	Article 15 of the Brazilian Civil Rights Framework for the Internet

 

For auditing, security, fraud control, and rights preservation purposes, Brink's may keep the registration history of your Data for a longer period in cases that the law or regulatory standard so establish or for the preservation of rights.

Contact Us

You may contact us as specified in the “How to Contact Us” section of the Global Privacy Statement.

Alternatively, you may contact us through the following channels:

• Call Center: (11) 93000-1051 (phone and chatbot);

• Email: faleconosco@brinks.com.br; imprensa@brinks.com.br; or https://br.brinks.com/contact; or

• Personal Data Protection Officer: Mr. Carlos Eduardo Jacinto de Silva, available through the email dpo@brinks.com.br and at the address below:

Rua Samaritá, 1.117 – 5th floor, Centro Empresarial Limão
Jd. das Laranjeiras – CEP: 02518-080
São Paulo/SP

Additional Information for Individuals Located in Canada

This supplemental section of Brink’s Privacy Statement is directed at and applies to individuals located in Canada, or where applicable Canadian data protection laws apply (such as the Personal Information Protection and Electronic Documents Act (“PIPEDA”), Alberta’s Personal Information Protection Act, British Columbia’s Personal Information Protection Act, and Quebec’s Act Respecting the Protection of Personal Information in the Private Sector).

Your Privacy Rights

If you are visiting the website from Canada or where applicable Canadian data protection laws so provide, you may exercise the following rights regarding your Personal Data:

• Access. You have the right to obtain from us confirmation if your Personal Data is being processed and certain related information.

• Rectification. You have the right to request the amendment of inaccurate Personal Data and to have incomplete data completed. When Brink’s has implemented a rectification or amendment, Brink’s will notify those third parties that have received the Personal Data in the last year to also rectify the Personal Data. If Brink’s contests the request to rectify, Brink’s will also notify third parties that have received the applicable Personal Data in the last year of the request to rectify and that Brink’s has contested the rectification.

• Erasure. (Note: This right is provided to individuals located in Quebec) You may request to erase your Personal Data if it is no longer necessary for the purposes for which we have collected it, you have withdrawn your consent, and no other legal grounds for the processing exists.

• Right to lodge a complaint. You also have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada (or appropriate province specific authority), in particular in the jurisdiction of your residence, or the location where the issue that is the subject of the complaint occurred.

• Right to refuse or withdraw consent. Please note that in case we ask for your consent to certain processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse consequences. The lawfulness of any processing of your Personal Data that occurred prior to the withdrawal of your consent will not be affected.

• Right to Access our Privacy related policies and procedures. You have a right to access and examine some of our privacy program policies and procedures, particularly those that contain the following information:

  • The name or title and the address of the personnel responsible for Brink’s policies and practices and to whom complaints or inquiries can be forwarded;

  • The means of gaining access to Personal Data held by Brink’s;

  • A description of the type of Personal Data held by the organization, including a general account of its use;

  • A copy of any brochures or other information that explains Brink’s policies, standards, and codes; and

  • What Personal Data is made available to Brink’s affiliates or related companies.

You may also revoke your consent for processing of your Personal Data. If you wish to object to the use and processing of your Personal Data or withdraw consent to this Privacy Statement, you can contact us as specified in the “How to Contact Us” section of the Global Privacy Statement.

The requests above will be considered and responded to in thirty (30) days. Brink’s may need to expand this time for an additional thirty (30) days in limited circumstances. Brink’s will notify you if we are required to use that expanded time. Note, certain Personal Data may be exempt from such requests. We may require additional information from you to confirm your identity in responding to such requests.

You have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada (or appropriate province specific authority) applicable to you and your situation, although we invite you to contact us with any concern as we would be happy to try and resolve it directly. Please contact us as specified in the “How to Contact Us” section of the Global Privacy Statement.

Additional Information for Residents of Europe

This supplemental section of Brink’s Global Privacy Statement is directed at and applies to individuals located in the European Union ("EU"), United Kingdom ("UK"), Switzerland, or where applicable EU data protection laws (e.g., the General Data Protection Regulation ("GDPR"), Data Privacy Framework ("DPF") and the UK Data Protection Act 2018) apply.

Table of Contents:

• International Transfers of Your Personal Data

• Data Privacy Framework Statement

  • Notice

  • Choice

  • Accountability for Onward Transfer

  • Security

  • Data Integrity and Purpose Limitation

  • Access

  • Recourse, Enforcement and Liability

• EU Representative

International Transfers of Your Personal Data

As provided in the Global Privacy Statement and Data Privacy Framework Privacy Policy, Brink’s collects various forms of Personal Data for various purposes.

By using the website or providing Personal Data to Brink’s, your Personal Data may be transferred to the United States, where Brink’s is headquartered, or to other Brink’s locations where we carry out our support activities. Your country's laws governing data collection and use may differ from those in the United States or other Brink’s locations. Some of the entities with whom we share your Personal Data, as described above in the Global Privacy Statement, are also located in countries whose laws have not been deemed by the European Commission to provide the same level of protection to your Personal Data. Only a small number of countries have been officially recognized by the European Commission as providing an adequate level of protection. Transfers to Brink’s entities and others located in countries outside the European Economic Area ("EEA"), UK, or Switzerland take place on the basis of an adequacy finding by the relevant authority (i.e., European Commission, Swiss Federal Data Protection and Information Commissioner ("FDPIC"), UK Information Commissioner's Office ("ICO") or other competent supervisory authority), EU Standard Contractual Clauses (or other standard contractual clauses approved by a competent supervisory authority), or other appropriate GDPR or applicable law derogations, including the EU-U.S. Data Privacy Framework, Swiss-US Data Privacy Framework, and UK Extension to the EU-U.S. Data Privacy Framework.

Data Privacy Framework Statement

This Data Privacy Framework Statement ("DPF Statement"), and the sections that follow, describe Brink’s standards and procedures when handling Personal Data transferred from the European Economic Area ("EEA"), the United Kingdom (and Gibraltar) and Switzerland to the U.S. in accordance with Brink’s obligations under the Data Privacy Framework. This statement supplements our Global Privacy Statement, and the terms in this DPF Statement have the same meaning as in our Global Privacy Statement. If there is any conflict between the terms in this Privacy Statement and the Data Privacy Framework Principles related to Personal Data transferred in reliance on our Data Privacy Framework certification, the Data Privacy Framework Principles shall govern.

Brink’s complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Brink’s has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Data received from the EU and the UK in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Brink’s has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this supplemental notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Brink’s entities and subsidiaries that adhere to the DPF principles:

• Brink's, Incorporated

• Brink's Complete Holding Company LLC

• Brink's Myanmar, Limited

• Testlink USA Inc.

• Brink's Holding Company

• Brink's Delaware, LLC

• Brink's C.I.S., Inc.

• Brink's Global Services International, Inc.

• The Brink's Company Political Action Committee

• The Brink's Foundation

• Brink's Global Services USA, Inc.

• Brink's Vietnam, Incorporated

• Brink's Finance Holding Company, LLC

• Brink's Cambodia, Inc.

• Brink's Global Payments, LLC

• BAX Holding Company

• Brink's Administrative Services Inc.

• Brink's Brokerage Company, Incorporated

• Brink's Network, Incorporated

• Brink's AR LLC

• Brink's International Management Group, Inc.

• Brink's Capital Holding Company, LLC

• Brink's Capital LLC

• Brink's Security International, Inc.

• PAI Digital, LLC

• PAI Midco, Inc.

• Payment Alliance International, Inc.

• Payment Alliance Processing Corporation

• Vantage Technical Services, Inc.

• Brink’s ATM Operations East, Inc.

The Federal Trade Commission has jurisdiction over Brink’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Notice

The foregoing information, in addition to the Global Privacy Statement, further outlines Brink’s commitment to compliance with the DPF Principles and provides you notice of specific information pertinent to you under the Data Privacy Framework.

Choice

You have the opportunity to opt out if your Personal Data is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals. Where use or transfer involves sensitive information, you must opt-in before Brink’s will use or transfer such information.

Accountability for Onward Transfer for Personal Data

Brink’s may transfer Personal Data for the purposes described in the Brink’s Global Privacy Statement to a third party as a data controller or as an agent. In such an event, Brink’s will comply with and protect Personal Data as provided for in the Accountability of Onward Transfer Principle of the Data Privacy Framework. Brink’s remains responsible for the processing of Personal Data received under the Data Privacy Framework and then transferred to a third party acting as an agent if that party processes Personal Data in a manner inconsistent with the Data Privacy Framework and its principles, unless Brink’s demonstrates that we are not responsible for the event resulting in damage.

Security

Brink’s takes reasonable and appropriate measures to protect Personal Data and takes into account the risks involved in processing and the nature of the Personal Data it maintains, in order to protect against loss, misuse, and unauthorized access, disclosure, alteration and destruction.

Data Integrity and Purpose Limitation

Any Personal Data Brink’s collects may be used for the purposes indicated below or in our Global Privacy Statement or otherwise notified to you. We will not process Personal Data in a way that is incompatible with these purposes unless authorized by you.

The lawful basis for our processing of your Personal Data will depend on the purposes of the processing. For most Personal Data processing activities covered by this Privacy Statement, the lawful basis is that the processing is necessary for our legitimate business interests. Where we process Personal Data in relation to a contract, or a potential contract, with you, the lawful basis is that the processing is necessary for the performance of our contract with you or to take steps at your request prior to entering into a contract. If we are required to share Personal Data with law enforcement agencies or other governmental bodies, we do so on the basis that we are under a legal obligation to do so. We will also use consent as the legal basis where we deem appropriate or to the extent required by applicable law, for example, before we collect precise location data from your electronic device.

Depending on what Personal Data we collect from you and how we collect it, we may also rely on various grounds for processing your Personal Data, including the following reasons:

• Processing on the basis of legitimate business interests. When we process Personal Data on the basis that the processing is necessary for our legitimate business interests, such interests include: (i) providing, improving, and promoting our Services; (ii) communicating with current and potential customers, other business partners, and their individual points of contact; (iii) managing our relationships with our customers and other business partners, and their individual points of contact; (iv) other business development purposes; (v) sharing information within Brink’s, as well as with service providers and other third parties; (vi) maintaining the safety and security of our products, Services, and employees, including fraud protection; and (vii) managing contracts.

• Processing on the basis of consent. Examples of processing activities for which we may use consent as its legal basis include: (i) collecting and processing precise location information from your electronic device; (ii) sending promotional emails when consent is required under applicable law; and (iii) processing Personal Data on Brink’s Services through cookies and similar technologies when consent is required by applicable law.

• Processing because we are under a legal obligation to do so. Examples of situations in which we must process Personal Data to comply with our legal obligations include: (i) providing your Personal Data to law enforcement agencies and other governmental bodies when required by applicable laws; (ii) retaining business records required to be retained by applicable laws; and (iii) complying with court orders or other legal process.

If the processing of your Personal Data is based on your consent, the GDPR and Data Protection Act 2018 also allow users the right to access, revoke, or modify your consent at any time. Please contact us at dpo_gdpr@brinksinc.com to review or modify your consents.

Retention

We will retain your Personal Data for as long as needed for the purposes described in this Privacy Statement. More specifically, the time we maintain your Personal Data depends on the following factors:

Whether we need the Personal Data to provide the Services. We will maintain any data needed to provide you with the Services, such as contact information and payment or transaction information, for as long as needed for us to provide you with the Services, respond to your questions and requests, and/or administer your account (if applicable).

• Whether we need the Personal Data to comply with our legal obligations. We may have legal obligations to maintain your Personal Data where a legal or regulatory body may ask for it in the future, for example in response to a data subject request or complaint. This information may include contact information and location information.

• Whether we need the Personal Data for a legitimate business interest. We may store Personal Data like contact information, cookies, and location information in order to perform analytics, troubleshoot errors, or improve our Services. In any event, we delete the Personal Data when it is no longer needed for our legitimate interests.

Regardless of our reason for retaining your Personal Data, we delete all Personal Data in accordance with our routine record keeping policies.

Your Privacy Rights

If you are visiting the Website from the EU, UK, or Switzerland or where applicable EU data protection laws so provide, you may exercise the following rights regarding your Personal Data:

• Access. You have the right to obtain from us confirmation if your Personal Data is being processed and certain information in this regard.

• Rectification. You have the right to request the rectification of inaccurate Personal Data and to have incomplete data completed.

• Objection. You have the right, when we process Personal Data on the grounds of legitimate interests, to object to the processing of your Personal Data for compelling and legitimate reasons relating to your particular situation, except in cases where legal provisions expressly provide for that processing. In addition, you have the right to object at any time where your Personal Data is processed for direct marketing purposes.

• Portability. You may receive your Personal Data that you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit them to other data controllers without hindrance. This right only exists if the processing is based on your consent, or a contract and the processing is carried out by automated means.

• Restriction. You may request to restrict processing of your Personal Data (i) while we verify your request – if you have contested the accuracy of the Personal Data about you which we hold; (ii) if the processing is unlawful and you oppose the erasure of it and request restriction instead; (iii) if we no longer need it, but you tell us you need it to establish, exercise, or defend a legal claim; or (iv) while we verify your request if you have objected to processing based on public or legitimate interest.

• Erasure. You may request to erase your Personal Data if it is no longer necessary for the purposes for which we have collected it, you have withdrawn your consent and no other legal grounds for the processing exists, you objected and no overriding legitimate grounds for the processing exist, the processing is unlawful, or erasure is required to comply with a legal obligation.

• Right to lodge a complaint. You also have the right to lodge a complaint with a supervisory authority, in particular in the jurisdiction of your residence, or the location where the issue that is the subject of the complaint occurred.

• Right to refuse or withdraw consent. Please note that in case we ask for your consent to certain processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse consequences. The lawfulness of any processing of your Personal Data that occurred prior to the withdrawal of your consent will not be affected.

You may also revoke your consent for processing of your Personal Data. If you wish to object to the use and processing of your Personal Data, withdraw consent to this Global Privacy Statement, or exercise any of the above European Privacy Rights you can contact us at dpo_gdpr@brinksinc.com.

The requests above will be considered and responded to in the time period stated by applicable law. Note, certain Personal Data may be exempt from such requests. We may require additional Personal Data from you to confirm your identity in responding to such requests.

You have the right to lodge a complaint with the supervisory authorities applicable to you and your situation, although we invite you to contact us with any concern as we would be happy to try and resolve it directly. Please contact us at dpo_gdpr@brinksinc.com.

Recourse, Enforcement and Liability

In compliance with the Data Privacy Framework, Brink’s is committed to resolving complaints related to the DPF and our collection or use of Personal Data. If you are in the EU, UK or Switzerland and have a complaint regarding our processing of your Personal Data, please contact us at dpo_gdpr@brinksinc.com.

Brink’s has further committed to refer unresolved complaints to JAMS, a U.S.-based independent recourse mechanism. If you do not receive timely acknowledgment of your DPF-related complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Additional Information for Individuals Located in India

This supplemental section of Brink’s Global Privacy Statement is directed at and applies to individuals located in India, when Digital Personal Data Protection Act, 2023, Information Technology Act, 2000 and Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (“Information Technology Rules”) apply.

International Transfers of Your Personal Data

By using the website or providing Personal Data to Brink’s, your Personal Data may be transferred to the United States, where Brink’s is headquartered, or to other Brink’s locations where we carry out our support activities. Your country’s laws governing data collection and use may differ from those in the United States or other Brink’s locations. When transferring your Personal Data or Sensitive Personal Data, Brink’s will only transfer the information when you have provided your consent, or it is necessary to fulfill contractual obligations. Brink’s will require equal protections be applied to any Personal Data or Sensitive Personal Data transferred outside of India. Please contact us as specified in the “How to Contact Us” section of the Global Privacy Statement.

Sensitive Data

We may collect Sensitive Personal Data about you with your consent, which may include:

• Financial and billing information;

• Any detail relating to the above clause as provided to Brink’s for providing Services; and

• Any of the information received under above clauses provided to Brink’s for processing, stored or processed under lawful contract or otherwise.

Information that is freely available or accessible in public domain shall not be regarded as Sensitive Personal Data.

Your Privacy Rights

If you are visiting the website from India or where applicable India data protection laws so provide, you may exercise the following rights regarding your Personal Data and Sensitive Personal Data:

• Access. You have the right to obtain, access, and review the Personal Data and Sensitive Personal Data Brink’s has collected about you.

• Rectification. You have the right to request the rectification of inaccurate Personal Data and Sensitive Personal Data when feasible.

• Right to refuse or withdraw consent. Please note that in case we ask for your consent to certain collection and use of your Personal Data or Sensitive Personal Data, you are free to refuse to give consent and you can withdraw your consent.

• Right to nominate. You have the right to nominate another individual to exercise your rights on your behalf in case of death or loss of capacity.

You may also revoke your consent for processing of your Personal Data. If you wish to object to the use and processing of your Personal Data or withdraw consent to this Privacy Statement, you can contact us as specified in the “How to Contact Us” section of the Global Privacy Statement.

The requests above will be considered and responded to in the time-period stated by applicable law. Note, certain Personal Data may be exempt from such requests. We may require additional Personal Data from you to confirm your identity in responding to such requests.

You have the right to lodge a complaint with the supervisory authorities applicable to you and your situation, although we invite you to contact us with any concern as we would be happy to try and resolve it directly. Please contact us as specified in the “How to Contact Us” section of the Global Privacy Statement.

Lawful Basis for Processing Your Personal Data

We will only collect, use, and disclose your Personal Data or Sensitive Personal Data with your consent or when there is a lawful basis for such activities. Some lawful bases may include:

• Processing on the basis of performance of a contract. Examples of situations in which we process Personal Data as necessary for performance of a contract include transactions in which you purchase a security service from us.

• Processing on the basis of consent. Examples of processing activities for which we may use consent as its legal basis include: (i) collecting and processing precise location information from your electronic device; (ii) sending promotional emails when consent is required under applicable law; and (iii) processing Personal Data on Brink’s Services through cookies and similar technologies when consent is required by applicable law.

• Processing for Employee Management. Examples of processing activities for employee management may include activities related to recruitment, hiring, management of employee benefits, and termination of employees.

• Processing because we are under a legal obligation to do so. Examples of situations in which we must process Personal Data to comply with our legal obligations include: (i) providing your Personal Data to law enforcement agencies and other governmental bodies when required by applicable laws; (ii) retaining business records required to be retained by applicable laws; and (iii) complying with court orders or other legal process.

Additional Information for Individuals Located in Singapore

This supplemental section of Brink’s Global Privacy Statement is directed at and applies to individuals located in Singapore and subject to the Personal Data Protection Act 2012.

Your Privacy Rights

If you are visiting the website from Singapore or where applicable Singapore data protection laws so provide, you may exercise the following rights regarding your Personal Data:

Access/Receive. You have the right to obtain from Brink’s and review some of the Personal Data Brink’s has collected about you and be informed of the ways your Personal Data has been used or disclosed to organizations within a year before the date of request. The right to access your Personal Data may be limited if fulfillment of the right would:

• Threaten the safety or physical or mental health of an individual other than the individual who made the request;

• Cause immediate or grave harm to the safety or the physical or mental health of the individual who made the request;

• Reveal Personal Data about another individual (unless the data was originally provided by you);

• Reveal the identity of an individual who has provided Personal Data about another individual and the individual providing the Personal Data does not consent to the disclosure of his or her identity (unless the data was originally provided by you); or

• Be contrary to the national interest.

Brink’s is not required to include in your access request information that is:

• Opinion data kept solely for an evaluation purpose;

• About any examination conducted by an education institution, examination scripts and, prior to the release of examination results, examination results;

• Personal Data which is subject to legal privilege;

• Personal Data which, if disclosed, would reveal confidential commercial information that would, in the opinion of a reasonable person, harm the competitive position of the organization;

• Personal Data collected or created by a mediator or arbitrator in the conduct of a mediation or arbitration;

• The Personal Data was collected as part of an evaluation of privacy risks as outlined in Schedule 1, Section 3 of the Personal Data Protection Act; or

• The request is for Personal Data that cannot be found/does not exist, the request would unreasonably interfere with Brink’s operations, or it would be frivolous or expensive to the point that it outweighs the requestor’s interest.

Correction. You have the right to request the correction of inaccurate Personal Data when feasible. When Brink’s corrects Personal Data per your request, it will with your consent send the corrected data to third parties to which the Personal Data has been disclosed in the previous year. If Brink’s does not agree to make the correction, it will annotate the Personal Data with the request.

The right to correct does not apply to data that Brink’s collects when:

• It is opinion data kept solely for an evaluation purpose;

• It is data kept for any examination conducted by an education institution, examination scripts and, prior to the release of the examination results, examination results; or

• It is derived Personal Data.

Right to withdraw consent. Please note that in the event we ask for your consent, you have the right to withdraw consent of Brink’s collection, use, or disclosure of your Personal Data. We will inform you of possible consequences for withdrawing consent. The ability to withdraw consent may be limited by Brink’s requirements to retain your Personal Data or to comply with applicable law.

If you wish to withdraw consent to the Global Privacy Statement, you can contact us as specified in the “How to Contact Us” section of the Global Privacy Statement.

The requests above will be considered and responded to in the time period stated by applicable law. Note, certain Personal Data may be exempt from such requests. We may require additional Personal Data from you to confirm your identity in responding to such requests.

You have the right to lodge a complaint with the supervisory authorities applicable to you and your situation, although we invite you to contact us with any concern as we would be happy to try and resolve it directly. Please contact us as specified in the “How to Contact Us” section of this Privacy Statement

Additional Information for Individuals Located in the People’s Republic of China 

This supplemental section of Brink’s Global Privacy Statement is directed at and applies to individuals located in the People’s Republic of China (PRC), when the Personal Information Protection Law (“PIPL”) applies.

Brink’s PRC entity responsible for Personal Information handling:

Brink’s Security Transportation (Shanghai) Company Limited
Room 807-809, No. 969 Dong Fang Road
Grand Soluxe Zhongyou Hotel
Shanghai, China

Collection and Use of Personal Information

As described in the Global Privacy Statement, certain Personal Information is necessary for us to establish, maintain, and improve our business relationships. If and to the extent we process your Sensitive Personal Information (defined as information that, if leaked, may easily lead to the infringement of personal dignity of a natural person or endanger their personal safety or property) under PIPL, we may inform you of the specific categories involved, the necessity of such processing, and the impact on your rights, and obtain separate consent where required by law. 

Purposes and Legal Bases of Collection 

Under PIPL, we rely on one or more of the following legal bases for processing your Personal Information: 

• Your consent; 

• Necessity for the conclusion or performance of a contract to which you are a party, or for human resources management in accordance with lawfully formulated labor rules and collective contracts; 

• Necessity for the performance of statutory duties or legal obligations; 

• Necessity to respond to public health emergencies or to protect life, health, or property in an emergency; 

• Processing conducted within a reasonable scope for news reporting, public opinion supervision, or other activities in the public interest as provided by law; 

• Processing of Personal Information that you have publicly disclosed or that has been otherwise lawfully disclosed, within a reasonable scope and as permitted by law; and 

• Other circumstances provided for in laws and administrative regulations. 

Where we rely on your consent or separate consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal. 

Separate Consent and Sensitive or High-Risk Processing

In situations where PIPL requires “separate” (unbundled) consent, we will obtain such consent through a clear, specific mechanism. This may include: 

• Processing of Sensitive Personal Information; 

• Providing Personal Information to other Personal Information processors; 

• Making Personal Information public; 

• Cross-border transfers of Personal Information; and 

• Using image or identification information collected in public places for purposes other than public security, where applicable. 

International Transfers

Where we provide your Personal Information outside PRC, we do so in compliance with PIPL and related regulations. Depending on our role and data volumes, this may involve undergoing security assessments, entering into standard contracts, obtaining certification, or using other mechanisms recognized by competent authorities. 

Before transferring Personal Information overseas, we will inform you, in a clear and prominent manner, of at least the following as required by Article 39 of PIPL: 

• The name and contact details of the overseas recipient; 

• The purposes and methods of processing by the overseas recipient; 

• The types of Personal Information provided; and 

• How you can exercise your rights under PIPL with respect to the overseas recipient. 

Your Privacy Rights

Under PIPL, and subject to applicable conditions and exemptions, you may have the following rights with respect to your Personal Information: 

• Right to be informed about processing activities; 

• Right to decide and to give or withhold consent; 

• Right to withdraw consent; 

• Right to access and obtain copies of your Personal Information; 

• Right to correct or supplement inaccurate or incomplete Personal Information; 

• Right to request deletion of your Personal Information in circumstances provided by law; 

• Right to request explanation of our Personal Information processing rules; 

• Right to restrict or refuse certain processing activities, including automated decision-making in specified circumstances; and 

• Right to request transfer (portability) to another Personal Information processor where conditions set by authorities are met. 

To exercise your rights, please contact us as specified in the “How to Contact Us” section of our Global Privacy Statement and clearly describe your request and, where necessary, provide information for identity verification. We will respond within the period required by applicable law and will explain the reasons if we are unable to fully meet your request, as permitted by law. 

Additional Information for Individuals Located in South Korea

This supplemental section of Brink’s Global Privacy Statement is directed at and applies to individuals located in South Korea, when the Personal Information Protection Act (“PIPA”) applies.

Collection and Use of Personal Information

As described in the Global Privacy Statement, certain Personal Information is necessary for us to establish, maintain, and improve our business relationships.

Purposes and Legal Bases of Collection

We process your Personal Information for the purposes described in the Global Privacy Statement, and to the minimum extent necessary for those purposes.

International Transfers

Your Personal Information may be transferred to and stored in countries outside South Korea where our service providers operate, including countries that may have different data protection laws than those in South Korea. Where PIPA requires separate consent for an overseas transfer, we will provide information including the items of Personal Information to be transferred, the destination country, the date and method of transfer, the recipient’s name and contact information, the recipient’s purpose of use and retention period, and how to refuse consent and the resulting consequences, and we will obtain your consent before transfer.

Your Privacy Rights

Under PIPA, and subject to applicable conditions and exemptions, you may have the following rights with respect to your Personal Information:

• The right to be informed of the processing of such Personal Information;

• The right to consent or not, and to elect the scope of consent, to the processing of such Personal Information;

• The right to confirm the processing of such Personal Information, and to demand access to such Personal Information;

• The right to suspend processing of, and to make correction, deletion, and destruction of such Personal Information; and

• The right to appropriate redress for any damage arising out of the processing of such Personal Information in a prompt and fair procedure.

To exercise your rights, please contact us as specified in the “How to Contact Us” section of our Global Privacy Statement and clearly describe your request and, where necessary, provide information for identity verification. We will respond within the period required by applicable law and will explain the reasons if we are unable to fully meet your request, as permitted by law.