Website Privacy Notice

Policy Version: [28th May 2026 ].

Introduction

Welcome to the Auto Fasteners Limited (“Auto Fasteners”) privacy notice (the “Notice”).

Personal Data”, or personal information, means any information about an individual from which that person can be identified. It does not include statistical or anonymised data, i.e. information which cannot, either on its own or in conjunction with other information we hold, be used to identify that individual.

Auto Fasteners respects your privacy and is committed to protecting your Personal Data (as defined below in Section 2). This Notice will inform you as to how we look after your Personal Data when you visit our website (the “Site”) at https://auto-fasteners.com and tell you about your privacy rights and how the law protects you. Please read it carefully so you understand how and why we are using your Personal Data. We may also provide additional privacy notices for specific interactions or data handling. 

This Notice applies to the following categories of individuals: 

  • visitors to and users of our Site; 
  • prospective and existing customers; 
  • individuals who purchase or enquire about our products; 
  • individuals who register for an account or sign up to receive marketing communications from us; 
  • individuals who participate in our promotions, competitions, surveys or events;  and
  • individuals who contact us or otherwise communicate with us through our Sites or related online channels. 

This Notice does not apply to any other data processing, including, without limitation:

  • Personal Data that we collect offline or via other websites that do not link to this Notice; or
  • Personal Data that you share with third party services which we do not own or control.

Auto Fasteners Limited (also referred to as Auto Fasteners, “we”, “us” or “our” in this Notice) is the controller responsible for your Personal Data. This means we decide how and why your personal data is processed. We are registered with the Information Commissioner’s Office (ICO) as a controller (registration number ZA852196). 

This website is not intended for children, and we do not knowingly collect Personal Data relating to children.

If you have any questions about this Notice, including any requests to exercise your legal rights (see “Data Subject Rights”), please contact us using the information set out in the contact details section (“Contact Details for Privacy Queries”).

Categories of Personal Data Collected

We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

  • Identity Data: includes first name, maiden name, last name, username or similar identifier, marital status, title, social media name, date of birth and gender.
  • Contact Data: includes billing address, delivery address, email address and telephone numbers.
  • Financial Data: includes payment card details (processed securely via Stripe; we do not store or process your full credit or debit card numbers on our servers). 
  • Transaction Data: includes details about payments to and from you and other details of services you have purchased from, or donations you have made to, us.
  • Technical Data: includes internet protocol (“IP”) address (for example, if you request a password reset, your IP address will be included in the reset email for security verification), your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website. 
  • Profile Data: includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • Usage Data: includes information about how you use our website, products and services. 
  • Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data cannot directly or indirectly reveal your identity, either on its own or in conjunction with other information we may hold. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Notice.

We do not routinely collect special category personal data about you (such as information about your health, race, ethnicity, religious beliefs, sexual orientation, political opinions, trade union membership, or biometric data). 

How Personal Data is Collected 

We use different methods to collect data from and about you including through:

  • Direct interactions: You may give us your Personal Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes Personal Data you provide when you:
  • create an account on our website;
  • purchase, order or enquire about our products; 
  • manage your account or update your account details; 
  • subscribe to our newsletters, updates or other publications; 
  • request marketing to be sent to you; 
  • enter a competition, promotion or survey; 
  • leave a review or provide feedback; or 
  • contact us, including by submitting an enquiry through our website or contacting our customer support team. 
  • Automated technologies or interactions: As you interact with our website, we will collect Technical Data about your equipment, browsing actions and patterns where you have consented to allow us to use non-essential cookies or other similar technologies. We may collect this Technical Data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
  • Cookies: When you visit our website, we install cookie(s) or use other similar technologies to your device. Some of these cookies require your prior consent.
  • You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
  • A “cookie” is a small piece of data that can be sent by a Web server to your computer, which then may be stored by your browser on your computer’s hard drive. Cookies and other similar technologies are useful in allowing more efficient login for users, tracking transaction histories, preserving information between sessions, and improve the functionality of the website. Some Web browsers such as Microsoft Edge, Apple Safari and Google Chrome may have features that can notify you when you receive a cookie or prevent cookies from being sent. If you disable cookies, however, you may not be able to use certain personalized functions of this website.
  • For more information about online behavioural advertising and your choice to opt-out of receiving targeted online advertisements from members of the Digital Advertising Alliance, please visit their website at http://www.aboutads.info/choices/. To learn how you can opt-out of Google’s use of cookies, please visit Google’s Ad Settings at https://www.google.com/settings/u/0/ads/authenticated.
  • We use CookieYes to manage your consent preferences. Please see our cookies policy [LINK] if you would like further information.
  • Third party or publicly available sources: We may receive Personal Data about you from various third parties and public sources as set out below:
  • Technical Data is collected from the following parties:
  1. analytics providers (such as Google using Google Tag Manager for anonymised conversion tracking);
  2. advertising networks; and
  3. search information providers.
  • We may use certain third-party services, such as Google Tag Manager, to help us analyse how people use the website. We use this information to evaluate your and other users’ use of the website, compiling reports on website activity, and providing other services relating to website activity and Internet usage.

Legal Basis for Processing

We will only use your Personal Data where we are permitted to do so by applicable law. Under UK data protection law, the use of Personal Data must be justified under one of several legal grounds. The principal legal grounds that justify our use of your Personal Data are:

Consent 

 We have obtained your active agreement to use your Personal Data for a specific purpose. This consent may be collected (for example) via a consent form or tick-box and you can withdraw your consent at any time using the  unsubscribe facility or contacting us).

Performance of a contract 

 Your Personal Data is necessary to enter into or perform our contract with you e.g. when you make a purchase we need to fulfil.

Legal obligation 

 We need to use your information to comply with a legal obligation – for tax obligations or responding to lawful requests from authorities. We will identify the relevant legal obligation when we rely on this legal basis.

Legitimate interests 

 We need to use your Personal Data to run our business and pursue our legitimate interests., For example, we rely on legitimate interests to provide our offering effectively, prevent fraud, and improve our services. Unless it is a ‘recognised legitimate interest’ under the UK GDPR, we consider and balance any potential impact on you and your rights (both positive and negative) before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

How we use your Personal Data

Purposes for which we will use your Personal Data

What do we collect?

What do we use the data for?

What is our legal basis for collecting it?

How long do we keep it for?
  1. Identity
  2. Contact
 To register you as a new customer
  1. Performance of a contract with you
  1. For so long as your account remains active, plus the 6 or 7 year statutory limitation period for any claims arising out of the active account period. Accounts abandoned for more than 5 years will be safely deleted at the end of the retention period or anonymised.

 
  1. Identity
  2. Contact
  3. Financial
  4. Transaction
  5. Marketing and Communications
 To process and deliver your order including:

  1. Manage payments, fees and charges
  2. Collect and recover money owed to us
  1. Performance of a contract with you
  2. Necessary for our legitimate interests (to recover debts due to us)
  1. 6 years from the date of the transaction, to comply with UK tax law and HMRC auditing requirements.
  1. Identity
  2. Contact
  3. Profile
  4. Marketing and Communications
 To manage our relationship with you which will include:

  1. Notifying you about changes to our terms or privacy policy
  2. Dealing with your requests, complaints and queries
  1. Performance of a contract with you
  2. Necessary to comply with a legal obligation
  3. Necessary for our legitimate interests (to keep our records updated and manage our relationship with you)
  1. For so long as your account remains active. Contact form submissions are retained for 24 months following resolution of the enquiry. We may retain data for the 6 or 7 year statutory limitation period for any claims arising out of the active account period. 
  1. Identity
  2. Contact
  3. Profile
  4. Usage
  5. Marketing and Communications
 To enable you to partake in a prize draw, competition or complete a survey
  1. Performance of a contract with you
  2. Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
 For as long as your account remains active, plus the 6 or 7 year statutory limitation period for any claims arising out of the active account period. 
  1. Identity
  2. Contact
  3. Technical
 To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
  1. Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
  2. Necessary to comply with a legal obligation
  1. For so long as reasonably required for security and administration purposes, subject to applicable law.
  1. Identity
  2. Contact
  3. Profile
  4. Usage
  5. Marketing and Communications
  6. Technical
 To deliver relevant website content and online advertisements to you and measure or understand the effectiveness of the advertising we serve to you
  1. Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy); OR
  2. Consent
  1. For so long as your account remains active, or until you withdraw consent, plus the 6 or 7 year statutory limitation period for any claims arising out of the active account period. 
  1. Technical
  2. Usage
 To use data analytics to improve our website, products/services, customer relationships and experiences and to measure the effectiveness of our communications and marketing
  1. Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy); OR
  2. Consent
  1. Aggregated analytics data may be retained indefinitely in anonymised form.
  1. Identity
  2. Contact
  3. Profile
  4. Usage
  5. Marketing and Communications
  6. Technical
 To send you relevant marketing communications and make personalised suggestions and recommendations to you about goods or services that may be of interest to you based on your Profile Data
  1. Necessary for our legitimate interests (to carry out direct marketing, develop our products/services and grow our business) OR 
  2. Consent, having obtained your prior consent to receiving direct marketing communications
  1. For so long as your account remains active, or until you withdraw consent or opt out of marketing.
  1. Identity
  2. Contact
  3. Profile
  4. Usage
  5. Marketing and Communications
  6. Technical
 To carry out market research through your voluntary participation in surveys
  1. Necessary for our legitimate interests (to study how customers use our products/services and to help us improve and develop our products and services).
  1. For so long as reasonably required for research purposes, subject to applicable law.

Direct Marketing

  • During the registration process on our website when your personal data is collected, you will be asked to indicate your preferences for receiving direct marketing communications from Auto Fasteners Limited via email OR You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving the marketing.
  • We may also analyse your Identity, Contact, Technical, Usage and Profile Data to form a view which products, services and offers may be of interest to you so that we can then send you relevant marketing communications

Opting out of marketing

  • You can ask to stop sending you marketing communications at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences OR by following the opt-out links within any marketing communication sent to you or by contacting us at enquiries@auto-fasteners.com .
  • If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes for example relating to order confirmations updates to our Terms and Conditions, checking that your contact details are correct

Data sharing and international transfers

We will share your personal data where necessary with the parties set out below for the purposes set out in this Notice. We will only transfer your data to third parties in restricted circumstances and where it is lawful to do so.

We will share your data with service providers and selected third parties, for purposes of providing our services to you and in connection with our efforts to prevent and investigate fraudulent activity.

More specifically, we will disclose your personal information:

  • if we transfer, purchase, reorganise, merge or sell any assets or the assets of a third party, and we disclose or transfer your personal data to the prospective seller, buyer or other third party involved in a business transfer, reorganisation or merger arrangement (and their advisors);
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation;
  • to protect the rights, property, or safety of our users or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction, or disclosing information to courts, court-appointed persons/entities, receivers and liquidators, tribunals, regulatory authorities and law enforcement officers in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights, or to protect rights and interests of others;
  • to our consultants or professional advisors, including legal advisors and accountants;
  • to our insurers; and
  • to any other third party as directed by you.

In particular, the following third-party service providers process your Personal Data on our behalf:

  • Stripe: processes payment transactions on our behalf. We do not store or process your full credit or debit card numbers on our servers;
  • SAP (via Appseconnect): your account data, order history and ordering preferences are synchronised from our WooCommerce platform to our enterprise resource planning system for order fulfilment purposes;
  • Royal Mail: customer names and delivery addresses are shared with Royal Mail to facilitate physical delivery of orders (shipping labels are printed in-house); and
  • CookieYes: manages cookie consent preferences on our Site.

We confirm that your Personal Data will not be transferred outside of the United Kingdom. Where we work with global partners, we receive assurances from them that the data will be held in the United Kingdom.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data Retention

We will store your Personal Data for no longer than is necessary for the performance of our obligations or to achieve the purposes for which your Personal Data was collected, or as may be permitted under applicable law.

When determining the appropriate length of time for retention, multiple factors are taken into account, including:

  • the nature and sensitivity of the personal information;
  • the purposes for which the information is required;
  • any laws or regulations that we are required to follow; and
  • the period of time during which any claims or proceedings can be brought against us to defend against any such claims.

This means that typically we retain your Personal Data for the duration of your relationship with us and then, for a period defined by legal, accounting or reporting requirements. If you would like further information on our retention periods, please reach out to us through the details in the “Contact” section below for further information.

In some circumstances you can ask us to delete your data: see the “Data subject rights” section below for further information.

In some circumstances we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in our legitimate interest, in which case we may use and retain this information indefinitely without further notice to you.

Data subject rights

Under certain circumstances, and depending on your jurisdiction, you may have the following rights under data protection laws in relation to your Personal Data:

  • Right to request access to your Personal Data (“data subject access request”). This enables you to receive a copy of your Personal Data that we hold about you and to check that we are lawfully processing it and its accuracy, including the categories of Personal Data, the categories of sources from which we collected the information, the business or commercial purposes of collecting the information, the categories of third parties with whom we have shared the information, and the categories of Personal Data that we have shared with third parties for a business purpose. In some instances, you may have the right to receive the information about you we have collected in a portable and readily usable format. Before providing any of this information, we must be able to verify your identity.
  • Right to request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Right to request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. For example, we cannot delete information about you if your Personal Data is on the contract between us for our services or products.
  • Right to object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. You also have the right to limit the use and disclosure of sensitive personal information, including not to have your sensitive data, including sensitive data inferences, processed until we obtain consent, subject to certain exceptions. You have the separate right to object where we are processing your Personal Data for direct marketing purposes.
  • Right to request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios:
  • if you want us to establish the data’s accuracy;
  • where our use of the data is unlawful, but you do not want us to erase it;
  • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims;
  • you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Right to request the transfer (data portability) of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you;

Right to withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent;

Right to complain. In addition to the right to complain outlined below, you have the right to complain to us as the controller of your personal data if you believe we are not handling your personal data in accordance with our legal obligations. You can lodge a complaint by contacting us at the details outlined below.

Contact details for privacy queries

If you have any comments or queries in connection with this Notice, please contact us at enquiries@auto-fasteners.com or write to Auto Fasteners Ltd. Global Distribution Centre, Holywell Business Park, Northfield Road, Southam Warwickshire CV47 0FP. United Kingdom.

If you are unhappy with how we have handled your data, or you are not satisfied with our response to any requests you have made to us regarding the use of your Personal Data, you have the right to lodge a complaint with the Information Commission.

You can contact them by calling 0303 123 1113 or www.ico.org.uk/concerns (please note we can’t be responsible for the content of external websites).

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

We would, however, appreciate the chance to deal with your concerns before you approach the applicable regulatory body, so please contact us in the first instance at [enquiries@auto-fasteners.com].

Changes to this Notice

We may update this Notice to reflect changes to how and why we process personal data from time to time. Any changes will be updated on our website, with a brief notice explaining when the changes take effect, providing an outline of what the changes are and where you can find them. We therefore encourage you to check the Notice for such updates on a regular basis.