About this policy
Trenthos Pty Ltd (ACN 697 995 501) ("Trenthos", "we", "us", "our") is committed to protecting the privacy of individuals who interact with our public website at www.trenthos.com (the "Site").
This Privacy Policy explains how we collect, hold, use and disclose personal information through the Site, and how we comply with our obligations under the Privacy Act 1988 (Cth) (the "Privacy Act") and the Australian Privacy Principles ("APPs").
Scope of this policy
This policy covers personal information handled in connection with the marketing and corporate website at www.trenthos.com.
It does not cover personal information - including patient health information - processed by our clinical software product, Lumen, available at lumen.trenthos.com. Lumen is licensed to medical practices and clinics, which remain responsible for the collection and management of patient personal information. Trenthos handles patient information only on instruction from the contracted practice, under separate clinical service agreements that incorporate APP-aligned data handling obligations. A separate privacy notice applies to Lumen and is made available to authenticated users of the platform.
If you reached this policy from lumen.trenthos.com and have questions about Lumen specifically, please contact your treating clinic, or write to us at the address in Section 15.
Our commitment under the Privacy Act
Trenthos is an Australian-incorporated entity and an "APP entity" for the purposes of the Privacy Act. We comply with the Australian Privacy Principles in our handling of personal information. In particular:
- We are open and transparent about how we manage personal information (APP 1).
- We allow you to interact with us anonymously or under a pseudonym where it is lawful and practicable (APP 2).
- We collect only the personal information reasonably necessary for our functions or activities (APP 3).
- We tell you what we collect, why and how (APP 5).
- We use and disclose personal information only for the purposes for which it was collected, related secondary purposes you would reasonably expect, or as otherwise permitted by law (APP 6).
- We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure (APP 11).
- We provide reasonable access to, and correction of, personal information we hold about you (APP 12 and APP 13).
Where this policy uses the term "personal information", it has the meaning given in the Privacy Act: information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether recorded in a material form or not.
What information we collect
The Site is a marketing website. It does not require account creation and does not process payments. It includes a contact form, and we operate our own first-party analytics (both described below). The personal information we collect through the Site is limited and falls into the categories described below.
3.1 Information you give us directly
If you contact us - by using the contact form on the Site, or by writing to an email address we publish (such as support@trenthos.com or privacy@trenthos.com) - we receive the information you choose to provide. This typically includes:
- your name, if you provide it;
- your email address;
- any postal address, phone number, organisation or role you choose to share;
- the content of your message, including any opinions, enquiries or feedback you provide.
You decide what to include in your message. We do not require you to provide a real name for general enquiries; however, certain requests - for example, a request to access or correct personal information - will require us to verify your identity.
3.2 Information collected automatically
When you visit the Site, our web server and underlying hosting infrastructure record limited technical information about each request, in line with normal web hosting practice. This typically includes:
- your IP address;
- the date and time of the request;
- the URL or page requested, and any referring URL;
- your browser and operating system user-agent string;
- the HTTP response status code and the size of the response.
This information is used to operate, secure and monitor the Site - for example, to investigate attempted abuse, debug errors, and understand traffic levels. It is not used to identify you individually, and we do not combine it with the contents of any email correspondence you send us.
In addition to standard server logging, we operate our own first-party analytics to understand how the Site is used and to improve it. This is built and hosted by us - we do not use Google Analytics or any third-party analytics, advertising or session-replay service, and we do not share or sell analytics data. As you browse, we record events such as the pages you view and the referring URL; interactions such as clicks (including the link or button label), how far you scroll, and how long a page is actively in view; and your approximate device type, screen and viewport size, and browser user-agent.
To distinguish repeat visits and sessions, we store a random, first-party identifier in your browser's local and session storage. It is not linked to your name or contact details, and we do not use cookies for analytics. Your IP address is not kept in raw form with this data - it is reduced to a daily-rotating, one-way hash that cannot be reversed. We use this information only in aggregate - to understand traffic and improve the Site, not to identify you individually - and it is held within the AWS ap-southeast-2 (Sydney) region. You can remove the identifier at any time by clearing site data for www.trenthos.com, or avoid it by using your browser's private mode.
3.3 Information from third-party services on the Site
The Site loads typefaces from Google Fonts, a service operated by Google LLC. As a result, when you load a page on the Site, your browser will make a request to fonts.googleapis.com and fonts.gstatic.com. Google may receive information in connection with that request - including your IP address and user-agent string - and processes it in accordance with Google's own privacy policy. We do not transmit any other personal information about you to Google.
Beyond the first-party analytics described in Section 3.2, the Site does not use:
- third-party analytics services (such as Google Analytics) or tracking pixels;
- advertising networks or remarketing tags;
- session-replay or heatmap tools;
- third-party social media widgets.
If we add any of these services in future, we will update this policy and, where required by law, obtain your consent before placing non-essential cookies or trackers.
3.4 Sensitive and health information
The Site does not request and is not designed to receive sensitive information as defined in the Privacy Act, including health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, or biometric information. Please do not include sensitive information in unsolicited emails to us. If you do, we will handle it consistent with this policy and the Privacy Act and will delete it where it is not relevant to our communication with you.
Personal information processed within the Lumen clinical platform, including patient health information, is handled separately under per-clinic agreements and the Lumen privacy notice, as described in Section 1 above.
How we collect information
We collect personal information:
- Directly from you, when you write to us by email;
- Automatically, through standard web server logging when you visit the Site; and
- From third parties on the Site, only to the limited extent described in Section 3.3 above (Google Fonts).
We do not buy personal information from data brokers. We do not engage in web scraping, behavioural advertising or profiling.
Why we collect and use information
We collect, hold and use the personal information described in Section 3 for the following purposes (the "primary purposes"):
- Responding to enquiries. We use the contact details and message contents you provide to reply to your message, answer your questions, follow up on partnership or pilot enquiries, and maintain a record of our correspondence with you.
- Operating and securing the Site. We use server-log information to keep the Site available, investigate errors and operational issues, and detect or prevent abuse, misuse and attacks.
- Legal and compliance obligations. We may use personal information to meet our obligations under Australian law, respond to valid legal process, and protect the rights, property and safety of Trenthos, our users and the public.
We may also use personal information for related secondary purposes that you would reasonably expect - for example, internal record-keeping, quality assurance, and dispute resolution - consistent with APP 6.
We do not use personal information collected through the Site for direct marketing without your consent. If we later wish to send you marketing communications, we will obtain your consent first, and every such communication will include a clear opt-out (APP 7).
When we disclose information
We disclose personal information only as described in this policy or as otherwise permitted by law. In practice, this means:
- Service providers. We use third-party service providers to host and operate the Site (including Amazon Web Services, transactional email infrastructure, and the Google Fonts service described above). These providers act on our instructions and are bound by contractual or service-level obligations consistent with the Privacy Act.
- Professional advisors. We may disclose personal information to our legal, accounting, insurance or other professional advisors when they reasonably need it to advise us.
- Legal and regulatory. We may disclose personal information where we are required or authorised to do so by law, including in response to a valid request from a regulator, court or law enforcement agency.
- Corporate transactions. If our business is reorganised, sold or transferred, personal information may be transferred to the relevant successor entity, subject to the protections set out in this policy.
We do not sell personal information.
Overseas disclosure (APP 8)
The infrastructure for the Site and our email correspondence may involve the disclosure of personal information to recipients outside Australia. Specifically:
- Hosting. Site content, and any operational data we hold in the cloud, resides in the AWS ap-southeast-2 (Sydney) region. Although Amazon Web Services is a United States–headquartered company, the data is held on Australian servers and AWS staff outside Australia cannot access it in normal operation; this is contractually enforced. Consistent with the OAIC's guidance on cloud computing, storing data with an Australian-based service in this way is not treated as an overseas “disclosure” of that data.
- Google Fonts. As described in Section 3.3, requests from your browser to Google's typeface servers may be processed in jurisdictions outside Australia, including the United States.
- Email. Email correspondence with us may transit international mail relays before reaching our mailbox.
Before disclosing personal information to a recipient outside Australia, we take reasonable steps to ensure that the recipient does not breach the APPs in relation to that information, except where an exception in APP 8.2 applies (for example, where you have consented after being expressly informed of the consequences).
Data retention
We retain personal information only for as long as we need it to fulfil the purposes set out in this policy or as required by law.
- Email correspondence. Retained for as long as needed to handle the matter to which it relates, plus a reasonable period for follow-up, record-keeping, and dispute resolution. In general, no longer than seven years, consistent with standard commercial record-keeping practice in Australia.
- Web server logs. Retained for short operational windows - typically up to 90 days for general access logs, and up to 12 months for security-relevant logs - before being purged or de-identified.
- Records of access and correction requests. Retained for the period required to demonstrate our compliance with our obligations under APP 12 and APP 13.
Where the law permits, we will destroy or de-identify personal information when it is no longer needed for any purpose for which we are permitted to use or disclose it.
Data security
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure, as required by APP 11. Our measures include:
- transport-layer encryption (TLS 1.3) for traffic between your browser and the Site;
- encryption at rest (AES-256) for the storage layers we operate;
- strict role-based access controls for staff with access to personal information;
- multi-factor authentication and Argon2id password hashing on our internal accounts;
- audit logging on systems that hold personal information; and
- regular reviews of access, dependencies and security posture.
No method of transmission over the internet or method of electronic storage is 100% secure. If we become aware of an eligible data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (the "OAIC") as required by Part IIIC of the Privacy Act (the Notifiable Data Breaches scheme).
Your rights
10.1 Access (APP 12)
You may request access to the personal information we hold about you. We will respond to your request within a reasonable period (generally within 30 days) and provide access in the manner you request, where practicable. We may charge a reasonable fee to cover the cost of providing access where the request requires significant effort, but we will not charge you for making the request itself.
10.2 Correction (APP 13)
If you believe that the personal information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you may request that we correct it. If we agree, we will take reasonable steps to correct the information. If we disagree, we will provide our reasons, and you may ask us to associate a statement with the information noting that you consider it inaccurate, out of date, incomplete, irrelevant or misleading.
10.3 Anonymity and pseudonymity (APP 2)
You may interact with us anonymously or under a pseudonym where it is lawful and practicable to do so. For example, you may submit a general enquiry without identifying yourself, although we may be unable to assist if a substantive response requires knowing who you are.
10.4 Withdrawing consent
Where we rely on your consent to collect, use or disclose personal information, you may withdraw that consent at any time by writing to privacy@trenthos.com. Withdrawal of consent does not affect the lawfulness of any handling that occurred before the withdrawal.
10.5 How to exercise your rights
To exercise any of the rights above, please write to privacy@trenthos.com with the subject line "Privacy Request". We may need to verify your identity before acting on your request, and may ask you to clarify the scope of your request to enable us to respond effectively.
Children and minors
The Site is intended for medical professionals, business contacts, and the general public, and is not directed at children under 16. We do not knowingly collect personal information from children under 16 through the Site. If you believe that we have inadvertently received personal information from a child, please contact us and we will take reasonable steps to delete it. This under-16 threshold relates only to this marketing website; the handling of patient information within Lumen applies an under-18 framework, as described in the separate Lumen privacy notice.
Privacy complaints
If you believe that we have breached the APPs in our handling of your personal information, please let us know so that we can try to resolve the matter. You can make a complaint by writing to privacy@trenthos.com with the subject line "Privacy Complaint".
We will acknowledge your complaint within five business days and aim to provide a substantive response within 30 days. If we need more time, we will tell you why and when you can expect a response.
If you are not satisfied with our response, you may make a complaint to the Office of the Australian Information Commissioner:
- Office of the Australian Information Commissioner
- Website: oaic.gov.au
- Telephone: 1300 363 992
- Postal: GPO Box 5288, Sydney NSW 2001
Changes to this policy
We may update this policy from time to time. If a change is material, we will indicate that at the top of the policy and, where appropriate, take additional steps to bring the change to your attention - for example, by posting a notice on the Site.
The current version and effective date are shown at the top of this page. Previous versions are available on request.
How to contact us
Privacy questions, requests and complaints should be directed to:
- Privacy contact: privacy@trenthos.com
- General enquiries: hello@trenthos.com
- Postal: Trenthos Pty Ltd, ACN 697 995 501, Toowoomba, Queensland, Australia
We will treat your communication confidentially and handle it in accordance with this policy.