Privacy Policy

This Privacy Policy explains how Trulux Group ("Trulux Group", "we", "us", or "our") collects, uses, holds, discloses, and protects personal information when you visit our website at truluxgroup.com.au (the "Site") or interact with us through the Site.

Trulux Group is an Australian personal care, cosmetics, and wellness manufacturer. Our Site is informational and content-based — it does not facilitate online purchases, customer accounts, or transactions.

We are bound by the Privacy Act 1988 (Cth) (the "Privacy Act") and the Australian Privacy Principles (APPs). This Policy describes how we meet those obligations in relation to the Site.

We only collect personal information that is reasonably necessary for our business activities. This typically includes:

Information you provide to us directly:

• Your name and email address when you submit our contact form to enquire about Trulux Group, our manufacturing services, or to send us a message.
• Any other information you voluntarily include in your message.

Information collected automatically when you visit the Site:

• Technical data such as IP address, browser type and version, device type, operating system, referring URLs, and pages viewed.
• Usage data such as time spent on pages, scroll behaviour, clicks, and navigation patterns.
• This information is collected through cookies, analytics tools, and standard server logs (see Section 8).

We do not knowingly collect "sensitive information" (as defined under the Privacy Act, including health, racial, religious, or political information) through the Site. If you choose to disclose sensitive information to us in a message, we will only use it for the purpose for which you provided it, and handle it in accordance with the APPs.

We collect personal information:

• Directly from you, when you submit our contact form or otherwise send us a message.
• Automatically, through cookies and analytics technologies when you use the Site (see Section 8).

Where reasonable and practical, we collect personal information directly from you.

We use personal information for the following purposes:

• To respond to enquiries and messages submitted through our contact form.
• To improve our Site, content, and services.
• To analyse Site usage patterns and trends.
• To protect the security and integrity of the Site.
• To comply with our legal and regulatory obligations.

We will not use your personal information for an unrelated purpose unless you would reasonably expect us to do so, or you have consented.

Where lawful and practical, you may interact with us anonymously or using a pseudonym — for example, by browsing the Site without submitting our contact form. However, if you wish to contact us or receive a response, we will need your name and email address.

We do not sell or rent your personal information. We may disclose personal information to:

• Service providers that help us operate the Site and our business — including hosting and infrastructure providers, analytics providers, and contact management tools.
• Professional advisers such as accountants, auditors, and lawyers, where reasonably necessary.
• Group companies and brand entities within the Trulux Group corporate structure, on a confidential basis and only where relevant to the purpose for which the information was collected.
• Regulators, law enforcement, or government agencies, where required or authorised by law.
• A purchaser or successor entity in connection with a sale, merger, or restructure of our business, subject to appropriate confidentiality undertakings.

All third parties we engage are required to handle personal information in accordance with applicable privacy laws and our instructions.

Some of the service providers we use are based outside Australia, or may store personal information on servers located overseas. The countries personal information may be sent to or accessed from currently include the United States and the European Union.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles your information in a manner consistent with the APPs, or that an exception under APP 8 applies.

We use cookies and similar technologies on the Site for the following purposes:

• Essential cookies — required for the Site to function correctly.
• Analytics cookies — to understand how visitors use the Site (for example, through tools such as Google Analytics).

You can disable or delete cookies through your browser settings, but parts of the Site may not function correctly without them. Where required, we will request your consent before non-essential cookies are set.

We do not currently send direct marketing communications through the Site. If this changes in future, we will update this Policy and ensure any marketing communications comply with the Spam Act 2003 (Cth), including providing a clear opt-out mechanism.

We take reasonable technical and organisational steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These include access controls, secure transmission (HTTPS), restricted staff access, and engaging service providers with appropriate security practices.

No method of transmission over the internet or electronic storage is completely secure. While we take reasonable steps, we cannot guarantee absolute security of information transmitted to us.

We retain personal information only for as long as necessary for the purposes for which it was collected, or as required by law. When personal information is no longer needed, we take reasonable steps to destroy or de-identify it.

Indicative retention periods:

• Contact form data (name, email, and any message content) — up to 24 months after last interaction, unless you ask us to delete it sooner.
• Website analytics data — as configured in our analytics tools (typically 14 to 26 months).

If we become aware of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will comply with our obligations under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act, including notifying the Office of the Australian Information Commissioner (OAIC) and affected individuals where required.

We do not currently use substantially automated decision-making processes that produce legal or similarly significant effects on individuals using the Site. If this changes, we will update this Policy in line with the transparency requirements under the Privacy Act that take effect from 10 December 2026.

You have the right to:

• Request access to the personal information we hold about you.
• Request correction of any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
• Request that we delete your personal information, subject to legal and operational obligations.
• Make a complaint about how we have handled your personal information (see Section 15).

To make a request, please contact us using the details in Section 16. We will respond within a reasonable period — generally within 30 days. We may need to verify your identity before actioning a request.

If you believe we have breached the Australian Privacy Principles or otherwise mishandled your personal information, please contact us first using the details in Section 16. We will acknowledge your complaint promptly and respond within a reasonable timeframe — generally within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Mail: GPO Box 5288, Sydney NSW 2001

For all privacy-related enquiries, requests, or complaints, please contact our Privacy Officer:

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The current version will always be available on this page, with an updated "Last updated" date at the top. We will notify you of material changes through the Site or other appropriate means.