Skip to Content

Privacy Statement

About us

Brinks Estonia OÜ  is a part of The Brink’s Company, a publicly listed company (NYSE:BCO). Brink’s is active in 100 countries and operating from 52 countries with more than 76.500 total employees. By working together with stores, banks, and partners, Brink’s develops payment solutions by utilising our expertise in terms of entrepreneurship, payment, technology and security in a smart, interconnected way. 

Brink’s is committed to safeguarding your privacy by protecting your personal data and ensuring that it is handled and stored securely. This privacy statement describes how we, in accordance with the General Data Protection Regulation (GDPR), collect some of your personal data during your visit to this website and when using our services. 
We request you read this statement closely, as it contains important information about who we are, how and why we collect, store, use and share personal data, about exercising your data subject rights. And how to contact us or the relevant supervisory authority in case you have a question or a complaint. 

When Brinks Estonia OÜ collects and uses your personal data, we act as a data controller, and as such we have to comply with the GDPR, which applies across the EU. As data controller, we are responsible for applying this legislation to our use of your personal data. 

Contact information:

Data controller:

Brink's Estonia OÜ


 Paldiski mnt 80

Postal code:


Place of Establishment:

 Tallinn, Estonia (EE)

Data Protection Officer (DPO):

Personal Data we collect and use:

‘Personal data’ refers to all information relating to a person which can be used to identify them, either directly or indirectly.

We process your personal data exclusively on the following legitimate bases: 

  • Based on your explicit consent. You reserve the right to withdraw your consent at any time;
  • To serve our legitimate interests, it is possible that Brink’s processes personal data to safeguard the performance of the website;
  • In order to comply with legal obligations;
  • In order to perform a contract to which you are a party or to prepare a contract. 

Purpose and categories of data processing:

When you are visiting our website, we may process the following personal data in order to be able to provide the corresponding services. We process your data to facilitate providing a functioning website, to be able to send newsletters, to enter into contact with interested parties, and to establish an adequate level of security of processing. 

Newsletter: if you choose to subscribe to our newsletter, we process the following personal data: 

  • Name (firstname, lastname);
  • Email address;
  • Company name (optional);
  • Gender (optional).

Contact form: if you send us a message by using the contact form on our website, we process the following personal data: 

  • Name;
  • Email address;
  • Company name (optional).

Interest form: if you send us a message by using the interest forms on our website, we process the following personal data: 

  • Name (firstname, lastname);
  • Email address;
  • Phone;
  • Company name (optional);
  • Gender (optional)

Becoming a client: if you are interested in utilising any of our services, we process the following personal data:

  • Name (firstname, lastname);
  • Gender (optional)
  • Phone number;
  • Email address: we send you a link in order to complete the registration process, which is valid for 16 days. This link will lead you to a secure portal, where you will be asked to provide the following additional information:
  • Company name;
  • Billing address; 
    Operational information, such as opening hours;
  • ID-information of your organisation’s authorised signatory for verification purposes;
  • Bank account information of the organisation.  

    We use the above mentioned information to complete your registration and to provide and bill the enlisted services. Additionally, as a financial service provider, Brink’s is subject to sector-specific legislation, including anti-money-laundering legislation. 

Other parties

In order to provide our services, we sometimes share your data with third parties in their capacity as processors. We conclude data processing agreements with those third parties to guarantee that your data is being processed legitimately. These processors could be the e-mail client, the host of the website, the host of the CRM system and marketing agencies. .

We don’t share your data with other parties without explicit consent or a legal obligation to share it.


When using our website, we use cookies that are necessary to make our website functional. These cookies are active by default and cannot be switched off. Additionally, we use analytical cookies that we use to gain insight in how users use our website, by anonymously collecting and reporting data. These cookies are only active if you consent to them. We also use cookies that allow us to save your preferences, such as your preferred language or your region. These are also only active if you give your consent. Finally, we use marketing cookies, which are used to track user behaviour across websites. By using these, we can provide users with personalised advertising that is more relevant to individual users. Again, these are only active if consent is given.  

See our cookiepolicy for more information.

Data subject rights

Under the GDPR, you as a data subject enjoy certain rights. These rights are listed and explained below. If you want to exercise any of your rights, please contact our DPO (see: contact information at the top of this privacy statement). 

Right of access: you have the right to request a copy of your personal data. This copy includes information about the purposes for the processing, for how long and where the data is stored and to whom we provide this information.

Right to rectification: if you believe any of the personal data we process of you is incorrect or incomplete, you have the right to request rectification. 

Right to erasure: in certain situations, you have the right to have your personal data erased. This might be the case if the data is processed illegally, if the processing is no longer necessary, or if you revoke your consent. Our DPO will assess whether your request is valid or whether there is a legal requirement to retain the data. 

Right to restrict the processing: in certain situations, you have the right to request to temporarily restrict processing (part of) your personal data, for instance because you question whether the information is correct or because you believe retaining the data is no longer necessary. 

Right to object: when we process personal data for our legitimate interest, you have the right to object to the processing. We will consider your objection and assess whether the data processing affects you significantly enough for us to cease processing your personal data.   

Right to data portability: you have the right to request us to directly transfer your personal data to you. This applies to personal data we process with your consent or based on performance of a contract. 

Right to issue a complaint: you have the right to issue a complaint about our processing of your personal data to our DPO.

If Brink’s is not handling your request well, you can also file a complaint with the Estonian Data Protection Authority: 

Autoriteit Persoonsgegevens

  • Tatari 39, Tallin 10134

We don’t make profiles of our website visitors. Therefore the right with regard to automated individual decision-making is not applicable.

Retention periods

In accordance with the GDPR, we follow the principle that we do not store personal data for longer than necessary for the purposes for which the data has been collected. Sometimes a (minimum) legal retention period applies we have to comply with, for instance for tax purposes. In such cases, it is not possible to exercise your right to erasure. 

For cookies, you can check the retention period for each different type of cookie by clicking “details” in the cookie preferences banner. 

Data transfers

As a controller, we take steps to ensure that your personal data is stored and processed inside the European Economic Area and is not transferred to third countries in the absence of an adequacy decision or Binding Corporate Rules. However, we cannot fully guarantee that no personal data is transferred to third countries such as the U.S., where Brink’s headquarters located. Our processing agreements have been concluded in such a way so as to minimise this risk, for instance by including Standard Contractual Clauses. 

We have an Intra-group personal data transfer agreement in place. The purpose of this agreement is to secure your data within the Brink’s group.

Information security

Brink’s has the responsibility to make sure your personal data is processed in a secure manner. To that end, Brink’s has implemented appropriate technical and organisational measures to ensure an appropriate level of security to the risks. These measures include, among others, making sure your connection to this website is secure and that the newsletter is sent securely. 

Is this statement ever going to change?

Brink’s may change this privacy statement. We will make an announcement of such a change on our website. If Brink’s wants to substantially change the purposes of processing, and the processing is based on your consent, Brink’s will again ask for consent for those new purposes. The old version of our privacy statement can be found here.

Version: June 2023.