Privacy policy
Last modified on [25/06/2025]
Auric (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information.
This privacy statement (the “Privacy Statement”) describes how we collect, use, and share your Personal Data when you use our website, products, and services. It applies to both our website www.auric.cloud (the “Website”) and to payment cards issued by us (the “Card”) and related services (collectively the “Services”), including card application, identity verification, issuance, transaction execution, fraud detection, customer support, and complaint handling. We ensure that your Personal Data is processed securely and lawfully, and always in accordance with applicable data protection laws.
We encourage you to read our Privacy Statement carefully and contact us with any questions at dpo@auric.cloud.
All capitalized designations not defined in this Statement have the meaning as defined in the General Data Protection Regulation.
Who we are
Bonsai BV
Jules Destréelaan 63B
9050 Ghent
Belgium
Company number 663.774.859
E-mails: support@auric.cloud and dpo@auric.cloud
Changes
This Privacy Statement may be updated and modified in the future, which will be made clear through the change of date at the top of this Privacy Statement. It is up to you take this Privacy Statement into account. Any substantial change will be communicated.
Who processes your Personal Data?
Auric is a Controller for the processing of your Personal Data that we collect through the Website, through contact requests, from job applicants, etc. Furthermore, Auric is a Controller for the processing of your Personal Data that we collect through our partners that make use of our Services.
What Personal Data do we process from whom, and for what purposes?
We process various types of Personal Data. Personal Data (among others) listed below may be processed by us.
Users of our Services
Visitors to the Website
Persons who contact us
Applicants
Who has access to my Personal Data?
Website hosting
We use Webflow to manage and host the Website. We have entered into a data processing agreement with them. The privacy statement of Webflow can be found here.
Analytics
We use HubSpot to monitor and analyze the use of our Website. HubSpot is, among others, a web analytics service provided that tracks and reports website traffic. The privacy statement of HubSpot can be found here.
Social media providers
Our websites may allow you to follow us on social media channels, such as YouTube and LinkedIn, e.g. via a "follow" button or via a hyperlink leading you to the relevant social media channel. When you click on a follow button or hyperlink, the relevant social media provider collects your Personal Data directly from you, without us sharing it. We are not responsible for how these social media providers handle your Personal Data. We therefore recommend that you consult the Privacy Statements of these providers:
- Facebook's privacy statement ;
- Instagram's privacy statement;
- LinkedIn's privacy statement;
- X's privacy statement;
- YouTube's privacy statement.
Service providers
Among others, we use the following service providers to assist us in carrying out the provision of our Services:
Monavate, which provides BIN sponsorship and enables the issuance of our payment cards as a licensed e-money institution. Monavate Ltd is a company incorporated and existing under the laws of England and Wales, with its registered office at The Officers’ Mess Business Centre, Royston Road, Duxford, CB22 4QH Cambridge, England, registered with Companies House under company number 12472532, and authorized and regulated by the Financial Conduct Authority under firm reference number 901097. Services in the European Economic Area are provided by UAB Monavate, a company incorporated and existing under the laws of Lithuania, with its registered office at Konstitucijos pr. 21A, 08130 Vilnius, Lithuania, registered with the Register of Legal Entities under company number 305628001, and authorized and regulated by the Bank of Lithuania under authorization code LB002139. Monavate’s privacy statement can be found here.
Marqeta, which powers the platform infrastructure for transaction processing. Marqeta, Inc. is a company incorporated and existing under the laws of the State of Delaware, United States, with its registered office at 180 Grand Avenue, 6th Floor, Oakland, California 94612, United States. Marqeta’s privacy statement can be found here.
Tag Systems, which handles the production and delivery of physical payment cards. Tag Systems handles the production and delivery of physical Cards. TAG SYSTEMS SAU is a company incorporated and existing under the laws of Andorra, with its registered office at Ctra. de la Comella 49, AD500 Andorra la Vella, Andorra, registered with the Andorran Commercial Register under number 914912V. Tag Systems’ privacy statement can be found here.
Checkout.com, which processes transactions from each time you use one of our payment cards. Checkout SAS is a company incorporated and existing under the laws of France, with its registered office at 20 bis rue La Fayette, 75009 Paris, France, registered with the Trade and Companies Register (Registre du Commerce et des Sociétés) under number 841 033 970. Checkout.com’s privacy statement can be found here.
Mastercard, which operates the global payment network through which our payment cards can be used. Mastercard Europe SA is a company incorporated and existing under the laws of Belgium, with its registered office at Chaussée de Tervuren 198A, 1410 Waterloo, Belgium. It is registered with the Crossroads Bank for Enterprises under enterprise number 0448.038.446. Mastercard’s privacy statement can be found here.
Itsme, which facilitates secure digital identity verification and authentication for account access and transaction authorization. Belgian Mobile ID NV is a company incorporated and existing under the laws of Belgium, with its registered office at Markiesstraat 1, 1000 Brussels, Belgium. It is registered with the Crossroads Bank for Enterprises under enterprise number 0541.659.084. Itsme’s privacy statement can be found here.
Other parties
We may further share your Personal Data with:
- (Sub)contractors to assist us in carrying out the purposes listed above;
- service providers to monitor and analyse the use of our Website, to process payments or to contact you;
- affiliates, joint venture partners or other companies that we control or are controlled by. We will require these affiliates to comply with this Privacy Statement;
- our accountants, auditors, lawyers or similar advisors when we ask them to give us professional advice;
- judicial, police or administrative authorities if we are required to disclose or share your personal data to comply with a legal obligation, a binding decision by an administrative authority or a court order;
- investors and other relevant third parties in the event of a potential sale or other corporate transaction involving us.
We only share your Personal Data with these third parties provided that they (a) comply with the GDPR as Processors or (b) have entered into a processing agreement with us as Processors. For a detailed list of these third parties, please contact us using the contact details provided above.
Processing of Personal Data outside the EEA.
We are a Belgian company and in principle aim to process your Personal Data exclusively within the European Economic Area (EEA). However, it is possible that your Personal Data - through our (sub)processors - may be transferred to countries outside the EEA.
If your Personal Data is transferred to a country that does not have an adequate level of protection under applicable law, we will take the necessary measures to ensure an equivalent level of protection. This can be done, for example, by using model contractual clauses approved by the European Commission or by implementing other appropriate safeguards.
How do we protect your Personal Data?
We have devised appropriate technical and organizational measures, safeguards and guarantees to process your Personal Data in accordance with applicable Belgian and European regulations, and in particular to protect your Personal Data against loss, misuse or unauthorized modification.
In addition, we have entered into a processing agreement with our (sub)processors to secure your Personal Data and have taken various confidentiality measures internally. We make all reasonable/necessary efforts to protect the confidentiality of your Personal Data.
How long do we keep your Personal Data?
We do not retain your Personal Data longer than necessary for the purposes for which it is stored. We retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we need to retain it to comply with applicable laws), resolve disputes and enforce our agreements.
We also retain usage data (i.e., data automatically collected, generated by the use of the Website) for internal analysis purposes. Usage data is generally retained for a shorter period, except when it is used to enhance security or improve the functionality of our Website, or when we are required by law to retain it for a longer period.
If you would like to know how long we keep your personal data for a particular purpose, please contact us using the contact information provided above.
What are my rights as a data subject?
To the extent provided by applicable Belgian and European regulations, you have the right:
- to a confirmation of whether or not we process your Personal Data and, where appropriate, to access the Personal Data we process;
- on correction, without undue delay, of inaccurate or incomplete Personal Data;
- to have your Personal Data erased;
- to obtain your Personal Data and transfer it to another Controller or Processor;
- to obtain from us the restriction of the processing of your Personal Data to the extent possible;
- to have your Personal Data sent to you in a structured, commonly used and machine-readable format; and
- to object to the Processing of your Personal Data and to the use of your Personal Data for direct marketing purposes.
You may exercise these rights by contacting us. If we are the Controller with respect to the Personal Data at issue, we will process your request where appropriate. If we are the Processor for the Personal Data at issue, we will put you in touch with the relevant Controller.
In the event of a data breach, data subjects will be notified within the legally required timeframe. We have established a procedure to ensure that all data breaches are promptly and effectively reported to data subjects in accordance with applicable laws.
If and to the extent provided for in applicable Belgian and European regulations, you have the right to file a complaint with the competent supervisory authority if the processing of your Personal Data violates applicable regulations. In Belgium, this is the “Gegevensbeschermingautoriteit” (https://www.gegevensbeschermingsautoriteit.be/burger).