Privacy policy

Last modified on [25/06/2025]

Auric (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information.

This privacy statement (the “Privacy Statement”) describes how we collect, use, and share your Personal Data when you use our website, products, and services. It applies to both our website www.auric.cloud (the “Website”) and to payment cards issued by us (the “Card”) and related services (collectively the “Services”), including card application, identity verification, issuance, transaction execution, fraud detection, customer support, and complaint handling. We ensure that your Personal Data is processed securely and lawfully, and always in accordance with applicable data protection laws.

We encourage you to read our Privacy Statement carefully and contact us with any questions at dpo@auric.cloud.

All capitalized designations not defined in this Statement have the meaning as defined in the General Data Protection Regulation.

Who we are

Bonsai BV

Jules Destréelaan 63B

9050 Ghent

Belgium

Company number 663.774.859

E-mails: support@auric.cloud and dpo@auric.cloud

Changes

This Privacy Statement may be updated and modified in the future, which will be made clear through the change of date at the top of this Privacy Statement. It is up to you take this Privacy Statement into account. Any substantial change will be communicated.

Who processes your Personal Data?

Auric is a Controller for the processing of your Personal Data that we collect through the Website, through contact requests, from job applicants, etc. Furthermore, Auric is a Controller for the processing of your Personal Data that we collect through our partners that make use of our Services.

What Personal Data do we process from whom, and for what purposes?

We process various types of Personal Data. Personal Data (among others) listed below may be processed by us.

Users of our Services

Personal Data Collected Full name, date of birth, nationality, place of birth, address, email address, phone number, government-issued ID details (e.g., ID card or passport number, expiry date, and issuing authority), identity verification data, card number, linked funding source details, transaction data (including merchant name, amount, date, location, currency, and merchant type), card usage history, PIN setup and status (if applicable), IP addresses, browser and device data, authentication logs, security settings, communication history with customer support, complaint details, and marketing preferences (if applicable).
Purpose We process this Personal Data to verify your identity and eligibility, issue and manage your Card, execute transactions, comply with anti-money laundering and payment services legislation, detect and prevent fraud or misuse, enable customer support and complaints handling, allow you to manage your Card via the relevant platform, and administer applicable fees, exchange rates, and loyalty benefits. Your Personal Data is also used to fulfil our contractual obligations under the Card Terms and to comply with legal and regulatory requirements.
Basis Performance of the contract (Card Terms), compliance with legal obligations (e.g., anti-money laundering, financial regulation, identity verification), and our legitimate interests (e.g., operational security, fraud prevention, customer support). Where required, specific processing activities (such as marketing preferences or loyalty program participation) are based on your consent.

Visitors to the Website

Personal Data Collected Personal data related to visiting the Website, such as IP address, browser type, browser version, the pages of the Website you visit, the date and time of your visit, time spent on the Website, unique device identifiers and other data for the purpose of website statistics.
Purpose We process Personal Data for the technical and functional management of our Website and to make the Website user-friendly. Your Personal Data enables us to monitor how our Website is used and to improve its content and layout. This data also enables us to adequately secure our Website.
We do this, for example, by using cookies. More information on the use of cookies can be found in our cookie statement, which you can find here.
Basis Our legitimate interest in providing a functioning and secure Website.

Persons who contact us

Personal Data Collected The Personal Data of which you provide us by and in your contact request, such as your name, email address, phone number.
Purpose We process your Personal Data to contact you by e-mail, telephone, text message or other equivalent forms of electronic communication.
Basis We process this information based on your consent and our legitimate interests. You can freely choose to provide your Personal Data to us, and you can object to the processing at any time.

Applicants

Personal Data Collected Name, e-mail address, address, phone number, job title, current employer, gender, age, resume.
Purpose We process your Personal Data to review your application and to contact you about the progress of the application process. In addition, we may use your data to identify future suitable job opportunities and inform you accordingly.
Basis We process this data based on your consent and in some cases on our legitimate interest to conduct an efficient and effective recruitment process. You may withdraw your consent at any time.

Who has access to my Personal Data?

Website hosting

We use Webflow to manage and host the Website. We have entered into a data processing agreement with them. The privacy statement of Webflow can be found here.

Analytics

We use HubSpot to monitor and analyze the use of our Website. HubSpot is, among others, a web analytics service provided that tracks and reports website traffic. The privacy statement of HubSpot can be found here.

Social media providers

Our websites may allow you to follow us on social media channels, such as YouTube and LinkedIn, e.g. via a "follow" button or via a hyperlink leading you to the relevant social media channel. When you click on a follow button or hyperlink, the relevant social media provider collects your Personal Data directly from you, without us sharing it. We are not responsible for how these social media providers handle your Personal Data. We therefore recommend that you consult the Privacy Statements of these providers:

Service providers

Among others, we use the following service providers to assist us in carrying out the provision of our Services:

Monavate, which provides BIN sponsorship and enables the issuance of our payment cards as a licensed e-money institution. Monavate Ltd is a company incorporated and existing under the laws of England and Wales, with its registered office at The Officers’ Mess Business Centre, Royston Road, Duxford, CB22 4QH Cambridge, England, registered with Companies House under company number 12472532, and authorized and regulated by the Financial Conduct Authority under firm reference number 901097. Services in the European Economic Area are provided by UAB Monavate, a company incorporated and existing under the laws of Lithuania, with its registered office at Konstitucijos pr. 21A, 08130 Vilnius, Lithuania, registered with the Register of Legal Entities under company number 305628001, and authorized and regulated by the Bank of Lithuania under authorization code LB002139. Monavate’s privacy statement can be found here.

Marqeta, which powers the platform infrastructure for transaction processing. Marqeta, Inc. is a company incorporated and existing under the laws of the State of Delaware, United States, with its registered office at 180 Grand Avenue, 6th Floor, Oakland, California 94612, United States. Marqeta’s privacy statement can be found here.

Tag Systems, which handles the production and delivery of physical payment cards. Tag Systems handles the production and delivery of physical Cards. TAG SYSTEMS SAU is a company incorporated and existing under the laws of Andorra, with its registered office at Ctra. de la Comella 49, AD500 Andorra la Vella, Andorra, registered with the Andorran Commercial Register under number 914912V. Tag Systems’ privacy statement can be found here.

Checkout.com, which processes transactions from each time you use one of our payment cards. Checkout SAS is a company incorporated and existing under the laws of France, with its registered office at 20 bis rue La Fayette, 75009 Paris, France, registered with the Trade and Companies Register (Registre du Commerce et des Sociétés) under number 841 033 970. Checkout.com’s privacy statement can be found here.

Mastercard, which operates the global payment network through which our payment cards can be used. Mastercard Europe SA is a company incorporated and existing under the laws of Belgium, with its registered office at Chaussée de Tervuren 198A, 1410 Waterloo, Belgium. It is registered with the Crossroads Bank for Enterprises under enterprise number 0448.038.446. Mastercard’s privacy statement can be found here.

Itsme, which facilitates secure digital identity verification and authentication for account access and transaction authorization. Belgian Mobile ID NV is a company incorporated and existing under the laws of Belgium, with its registered office at Markiesstraat 1, 1000 Brussels, Belgium. It is registered with the Crossroads Bank for Enterprises under enterprise number 0541.659.084. Itsme’s privacy statement can be found here.

Other parties

We may further share your Personal Data with:

  • (Sub)contractors to assist us in carrying out the purposes listed above;
  • service providers to monitor and analyse the use of our Website, to process payments or to contact you;
  • affiliates, joint venture partners or other companies that we control or are controlled by. We will require these affiliates to comply with this Privacy Statement;
  • our accountants, auditors, lawyers or similar advisors when we ask them to give us professional advice;
  • judicial, police or administrative authorities if we are required to disclose or share your personal data to comply with a legal obligation, a binding decision by an administrative authority or a court order;
  • investors and other relevant third parties in the event of a potential sale or other corporate transaction involving us.

We only share your Personal Data with these third parties provided that they (a) comply with the GDPR as Processors or (b) have entered into a processing agreement with us as Processors. For a detailed list of these third parties, please contact us using the contact details provided above.

Processing of Personal Data outside the EEA.

We are a Belgian company and in principle aim to process your Personal Data exclusively within the European Economic Area (EEA). However, it is possible that your Personal Data - through our (sub)processors - may be transferred to countries outside the EEA.

If your Personal Data is transferred to a country that does not have an adequate level of protection under applicable law, we will take the necessary measures to ensure an equivalent level of protection. This can be done, for example, by using model contractual clauses approved by the European Commission or by implementing other appropriate safeguards.

How do we protect your Personal Data?

We have devised appropriate technical and organizational measures, safeguards and guarantees to process your Personal Data in accordance with applicable Belgian and European regulations, and in particular to protect your Personal Data against loss, misuse or unauthorized modification.

In addition, we have entered into a processing agreement with our (sub)processors to secure your Personal Data and have taken various confidentiality measures internally. We make all reasonable/necessary efforts to protect the confidentiality of your Personal Data.

How long do we keep your Personal Data?

We do not retain your Personal Data longer than necessary for the purposes for which it is stored. We retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we need to retain it to comply with applicable laws), resolve disputes and enforce our agreements.

We also retain usage data (i.e., data automatically collected, generated by the use of the Website) for internal analysis purposes. Usage data is generally retained for a shorter period, except when it is used to enhance security or improve the functionality of our Website, or when we are required by law to retain it for a longer period.

If you would like to know how long we keep your personal data for a particular purpose, please contact us using the contact information provided above.

What are my rights as a data subject?

To the extent provided by applicable Belgian and European regulations, you have the right:

  • to a confirmation of whether or not we process your Personal Data and, where appropriate, to access the Personal Data we process;
  • on correction, without undue delay, of inaccurate or incomplete Personal Data;
  • to have your Personal Data erased;
  • to obtain your Personal Data and transfer it to another Controller or Processor;
  • to obtain from us the restriction of the processing of your Personal Data to the extent possible;
  • to have your Personal Data sent to you in a structured, commonly used and machine-readable format; and
  • to object to the Processing of your Personal Data and to the use of your Personal Data for direct marketing purposes.

You may exercise these rights by contacting us. If we are the Controller with respect to the Personal Data at issue, we will process your request where appropriate. If we are the Processor for the Personal Data at issue, we will put you in touch with the relevant Controller.

In the event of a data breach, data subjects will be notified within the legally required timeframe. We have established a procedure to ensure that all data breaches are promptly and effectively reported to data subjects in accordance with applicable laws.

If and to the extent provided for in applicable Belgian and European regulations, you have the right to file a complaint with the competent supervisory authority if the processing of your Personal Data violates applicable regulations. In Belgium, this is the “Gegevensbeschermingautoriteit” (https://www.gegevensbeschermingsautoriteit.be/burger).