Privacy policy

1. HELLO! WE ARE AURIC

Auric is a brand of Bonsai NV, a Belgian private limited liability company with its registered office in Belgium, located at 9050 Ghent, Jules Destréelaan 63B. The company’s VAT number (and at the same time its number in the Crossroads Bank for Enterprises – KBO/CBE) is BE0663.774.859.

Auric is an innovative payment institution in the embedded finance sector. We provide companies with white-label financial solutions that are seamlessly integrated into their business operations. In delivering these services, we process personal data of end users.

Our offerings include payment programs, tailor-made payment cards, affiliate programs, and data analytics services.

2. GENERAL

This Privacy Statement explains how Auric (hereinafter referred to as “we”) collects and processes your personal data, as well as your rights and our obligations regarding the protection of your data.

Auric is responsible for the collection and storage of your personal data when you use the Auric website and related services.

In particular, Auric will only process your personal data in a lawful manner and for a specific, clearly defined purpose. We will only request the minimum amount of data necessary to achieve that purpose, and we will not retain the data longer than necessary. Furthermore, Auric implements appropriate technical and organizational measures to protect your data from unauthorized access, loss, or alteration.

If you have any questions, please contact our privacy team at dpo@auric.cloud.

We may update this statement from time to time, but we will always adhere to our core principle of protecting your privacy. This statement was last updated on 02 February 2025.

3. PERSONAL DATA

We primarily process personal data of individuals who participate in our Partners’ payment programs—such as football clubs, festivals, and other organizations—and who choose to use our co-branded payment card and associated loyalty features. These Affiliate Members are the main stakeholders whose personal data is processed for card management, transaction processing, and the execution of loyalty programs.

We only collect the personal data that is necessary for delivering and improving our services. “Personal data” means any information relating to an identified or identifiable natural person. Below are the main types of personal data that we may collect and process:

3.1 Identification Data of Members

  • Name
  • Date of birth
  • Adress
  • E-mail address
  • Phone number
  • National ID or other identification

3.2 Financial Data

  • Bank card details (e.g., linked Visa or Mastercard debit cards)
  • Transaction details (amount, location, partner, time of the transaction)
  • Card status data (active, paused, blocked)

3.3 Card Management Data

  • Card lifecycle data (issuance, activation, suspension)
  • Security settings (contactless payment options, international payments)

3.4 Loyalty Program Data

  • Earned cashback rewards and loyalty points
  • Details of transactions that activated loyalty rewards
  • Information about partners where loyalty transactions took place

3.5 Usage Data

  • Data about interactions with the partner's app and Auric's platform

4. WHY DO WE PROCESS DATA

Auric processes your personal data for the following specific purposes:

4.1 Management of the Co-Branded Payment Card

  • Activation of the co-branded payment card
  • Providing technical support to Affiliate Members in managing their cards (e.g., pausing, blocking, or reporting lost/stolen cards)
  • Real-time visibility of loyalty transactions through the Partner app

4.2 Card and Payment Management

  • Card lifecycle management (issuance, activation, suspension, blocking)
  • Transaction processing for payments with the co-branded card
  • Secure payment processes to enable Affiliate Members to configure card security settings (e.g., enable/disable contactless or international payments)

4.3 Management of Loyalty Programs

  • Track and manage cashback rewards through transactions at partner locations (e.g., sports clubs, festivals)
  • Real-time notifications to members when they earn loyalty points or rewards
  • Partner Configurations and Rules for Loyalty Program Cashback

4.4 Insights from Aggregated Data and Analytics

  • Collect, aggregate, anonymize, and analyze transaction and loyalty data to understand cross-customer member activity, patterns, and loyalty program performance.

These activities enable Auric to provide, maintain, and continuously improve our services and enhance the user experience for Affiliate Members.

5. LEGAL BASIS

We only process your personal data if we have a valid legal basis under the GDPR. Depending on the specific processing purpose, the legal basis may be:

5.1 Contractual Necessity

We process personal data when it is necessary for the performance of our contract with you, as outlined in Auric’s General Terms and Conditions (for example, initiating your co-branded payment card).

5.2 Legal Obligations

In some cases, we must process your personal data to comply with laws and regulations (for example, anti-money laundering legislation).

5.3 Legitimate Interests

We may process personal data for our legitimate business interests (e.g., anonymizing personal data), provided that these do not outweigh your fundamental rights and freedoms.

5.4 Consent

We rely on your explicit, informed, and voluntary consent for certain types of data processing (e.g., sharing personal data with partners or sending targeted advertisements).

6. ARE YOUR DATA TRANSFERRED?

To deliver our services, we collaborate with third parties (e.g., IT service providers, card issuers, data hosting providers). These third parties are bound by contractual obligations to ensure the confidentiality and integrity of your data.

Some of these third parties may be located outside the European Economic Area. In such cases, we ensure that appropriate safeguards are in place to protect your data in accordance with GDPR standards.

7. YOUR RIGHTS

You have several rights under the GDPR regarding your personal data:

7.1 Right to be Informed

You have the right to receive clear and transparent information about how we collect, store, and process your personal data.

7.2 Right of Access

You can request confirmation as to whether we process your personal data. If we do, you can obtain a copy of that data.

7.3 Right to Rectification

You can request correction or updating of personal data that is inaccurate or incomplete.

7.4 Right to Erasure (“Right to be Forgotten”)

You can request that we erase your personal data, unless we are required to retain it for legitimate or legal reasons.

7.5 Right to Restrict Processing

You can ask us to restrict or suspend the processing of your personal data under certain circumstances (e.g., when you contest its accuracy).

7.6 Right to Object

You can object to our processing of your personal data, including profiling or direct marketing. We will honor your request unless we have compelling legitimate grounds.

7.7 Right to Data Portability

You can request a copy of your data in a structured, commonly used, and machine-readable format, and, if technically feasible, request that we transfer it to another party.

7.8 Right to Withdraw Consent

When processing is based on consent, you have the right to withdraw that consent at any time, after which we will cease processing your data for that purpose.

7.9 Rights Regarding Automated Decision-Making and Profiling

You can request not to be subject to decisions made solely by automated processes if these have significant effects on you. This also includes the right to request human intervention.

8. COMPLAINTS

8.1 Contact Our Data Protection Officer

For exercising your rights or for questions regarding the protection of your personal data, please contact us at dpo@auric.cloud.

8.2 Contact the Belgian Data Protection Authority

If you are not satisfied with our response or believe that we are processing your personal data unlawfully, you may file a complaint with the Belgian Data Protection Authority at: https://www.gegevensbeschermingsautoriteit.be/burger/acties/klacht-indienen

9. CONTACT INFORMATION

For general inquiries, you can contact us at support@auric.cloud.

Auric is a brand of Bonsai NV, a Belgian private limited liability company with its registered office in Belgium, located at 9050 Ghent, Jules Destréelaan 63B. The company’s VAT number (and simultaneously its number in the Crossroads Bank for Enterprises – KBO/CBE) is BE0 663.774.859.