Privacy Policy


Fastco (Fasteners & Fixings) Ltd is a UK limited company; registered address, Unit 3a, Crewe Trade Park, Gateway, Crewe, CW1 6JT No. (Company Number 3818250).

Telephone - 01270 252326

Email -

Fastco (collectively referred to in this policy as ‘we’, ‘us’ or ‘our’) is committed to upholding the privacy and security of individuals’ personal data and we recognise our responsibilities as Data Controller in respect of the information we collect and manage on behalf of our customers, users and suppliers.

This Privacy Policy demonstrates a commitment to transparency and accountability in our processing of individuals’ data and applies to the Fastco website ( and across all channels, products and services offered by us.

Personal data we collect

We collect information about you when you visit our site, register with us or engage with us in respect of products or services we provide. We also collect information when you voluntarily complete customer surveys, provide feedback and participate in competitions or similar promotions. Website usage information is collected using cookies.

We will only collect and retain personal data in the provision and promotion of our business services. Records are deleted upon conclusion of our commercial engagement, unless we are legally or contractually obliged to retain them. See here for more information on our data retention policies.

The personal information that we collect about you will be recorded, used and protected by us in accordance with applicable data protection legislation (the GDPR).

We only collect the information we need to ensure premium service delivery, contractual obligations and enhanced user experience.

1 Your personal details

When you sign up for our services, you may provide us with personal data for the delivery of business services

  • Your contact details, including postal and billing addresses, email addresses, phone numbers, gender, date of birth and title
  • Communication and marketing preferences

2 Using our services

When you shop with us, browse our website, use our mobile apps or contact us our we may collect data across a variety of means and channels

  • Information about your purchases or interest in our services
    • For example, what you have bought, when, where you bought it and how you paid
    • Transactional information (including payment card details) required and regulated as such to fulfil orders and customer service obligations
    • Details of correspondence with customer service teams
  • Browsing behaviour
    • For marketing intelligence, promotions and site functionality
    • Devices you have used to access our services (including the make, model and operating system, IP address, browser type and mobile device identifiers)
      • See here for more details on cookies

When we offer, or you take part in marketing promotions, competitions, surveys or questionnaires about our services we may collect data in accordance with these activities

  • Your feedback and contributions
  • Personal data you provide about yourself (as per personal details listed above and additional details for the requirements of the services and promotions)
  • Details of the emails and other digital communications we send to you that you open (including any links that you click)
    • See here for how your data may be used in our promotions

3 Third parties

We may supplement use of personal data from other sources

  • For example, data cleansing and profiling services
    • Helping maintain the accuracy of the data we hold
    • Improving and measuring the effectiveness of our marketing communications
  • Other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page)
  • Click here for more details on third parties

4 Cookies

We may use cookies to understand your interests and preferences to enhance your digital experience

  • Click here to view our cookies policy

5 Sensitive data

We do not know of or envisage any requirements to collect sensitive information about you (known as ‘special categories of data’)

  • For example, your racial or ethnic origin, or data relating to your health
    • In the unlikely event of requirements to request this information we will provide you with separate details and data protection protocol at that time

Children (also referred to as ‘vulnerable individuals’)

If you are under 13 when registering on our site, we require authorisation of consent from an adult of ‘parental responsibility’

Consent can be provided by a parent or guardian by contacting us directly. This must be fully verifiable as evidence of responsibility and age. We reserve the right to ensure all appropriate measures are taken to authenticate the identity of individuals in the authorisation of consent for minors

  • For so long as individuals are under 13 yrs we only send information and updates about products or services whereby guardian or parental consent is confirmed
  • For individuals aged 13-16 we will only provide information and updates on products or services if these are relevant promotions based on previous purchase history

Individuals under the age of 16 are accorded equal rights as adults under the GDPR and we uphold these rights across all levels of privacy, security and accountability.

6 Retaining your data

The GDPR requires us to retain personal data only for so long as it is required

  • For customers completing transactions we will retain records for no longer than seven years after the last purchase date. We are required to do this to conform with tax laws
  • For prospects yet to purchase we will assume accounts to be inactive after 1 year

7 Maintaining your data

We will sporadically ask you to view, update and confirm your data

  • We need to do this to conform to Article 7 of the General Data Protection Regulation
  • It is also beneficial for you to help us provide optimal customer service and targeted recommendations, offers and services
How personal data is used

Your data is used in the provision and promotion of our commercial services to you.

Business services
We use your data to deliver your service requirements and manage your account

  • This includes email communications in relation to updates, orders and essential announcements, plus responses to inquiries, questions and related requests
  • Any information you provide may be used to help us improve the services we deliver and respond efficiently to customer service requests and ongoing support

From time to time we would like to send you information about products and services that we feel would be of interest to you

  • We may use your data to personalise communications and provide a more relevant customer service to you
  • If you opt-in to our mailing list, or it is in our legitimate interests you will receive emails or texts that may include company news, updates, related products or service information and promotions
  • You can opt out of marketing promotions at any time. We include simple unsubscribe instructions at the bottom of each email or you may contact us directly

Cookies are text files used to identify browsing behaviour when visitors access and return to a website.

We use cookies to maintain the functionality of our website and personalise the customer experience

  • For example, retaining log-in details, preferences and store information such as shopping carts and product wish lists

We also use cookies to track site usage, traffic flows and areas of particular interest

  • This may be in the generation of anonymised browsing patterns such as Google Analytics

Cookies are also used to enhance individuals’ personal experience through a better understanding of requirements

  • Providing a more personalised service, delivering targeted product interests, bespoke promotional activities and recommendations

From 25th May 2018 we request visitors opt-in to cookies when using this website. If you do not opt-in or you wish to disable cookies you may restrict the site’s functionality

Automated Decision Making

Automated processing of data without human intervention is never undertaken in respect of the information we collect from customers or individuals interested in our products.

1 Business services

We will use your data in the administration and delivery of business services to you

  • Fulfilment of products and services requested
    • Orders, refunds, inquiries and areas in which you have expressed an interest
    • Competitions or other offers and promotions
  • Customer client service administration and service delivery
    • Communications with you in respect of fulfilment of the above services
    • Management of third party suppliers for fulfilment purposes,
      • For example, payment processing partners, or data cleansing processors
      • See here – for a list of current third party suppliers
  • Web site performance
    • Enhancing users’ experience of the site
      • For example, retention and automation of user names and passwords, wish lists and abandoned baskets
      • Optimising links and user navigation
    • Performance insight
      • Using site analytics to maintain functionality, monitor and improve traffic flows
    • See here for more information on our use of cookies to manage site performance

2 Marketing

We aim to provide you with a premium customer experience, promoting our services with a personalised approach, meeting your needs as a customer and avoiding unnecessary, unwarranted or intrusive communications.

We may inform our understanding of your requirements and preferences through interpretation of your engagement with us and the data you have provided

  • Your browsing activity on our digital platforms – see more about our cookies policy here
  • Identification products and services we believe to be of interest
    • This is based on previous product selections
  • Email, SMS, phone and or any other digital communications engagement. For example
    • Analysing email opens and clicks for marketing promotions
    • Personalising marketing based on your responses to our offers and services
  • Information offered through social media channels

Direct promotions

We may deliver direct marketing promotions to you based on our understanding of your interests and provide you with appropriate business updates

  • Email or SMS newsletters featuring industry news and relevant products, discounts and offers
  • Bespoke email, SMS or telephone communications with personalised offerings

We will not promote additional services and products unless there is a clearly stated Lawful Basis for such communications

  • Consent - you may opt in to receive our marketing communications by ticking the relevant box(es) on our web site or following directions on our digital communications
  • Our Legitimate Interests – it may be in our legitimate commercial interests to promote related products and services to existing customers based on purchase history and ongoing engagement

You can opt out or object to our marketing activity at any time. Either using the unsubscribe links on our emails and SMS messages or by contacting us

Online browsing

Understanding your browsing activity when you visit our site will allow us to provide bespoke, automated information, offers and services

  • Relevant online advertisements for personal interests
  • Tailored and marketing communications that you consent to receive from us
    • o For more information on cookies see here

We do not use your browsing activity to track your personal navigation through our web site

  • Anonymous browsing activity is measured collectively across our users for web site traffic and user interest. We use Google Analytics for this.

We do not store customer data placed on the feefo website please refer to feefo’s own Privacy policy here for more details:

  • Users are emailed 3 days after placing an order
  • Their email address and products that they ordered are shared with Feefo. When a customer leaves a review they can choose how their name appears

Customer reviews

We use Feefo to process reviews on behalf of our customer and their reviews of our products and services.

  • We do not store customer data placed on the feefo website please refer to feefo’s own Privacy policy here for more details.
    • Users are emailed 3 days after placing an order.
    • Their email address and products that they ordered are shared with Feefo. When a customer leaves a review they can choose how their name appears

Market research

  • To further understand your requirements, experience and maintain the most appropriate ways in which we communicate with you
  • To help develop and improve our product range, services, information technology systems and customer service delivery

3 Protecting your data

Your data may be used help protect against data breaches

  • Verifying identity for fraud detection and prevention
  • Unauthorised account usage
    • Managing password and user access measures
  • For more information on our security policy see here

4 Cookies

For more information on Cookies and how to disable them see our Cookie policy

5 Maintaining your data usage preferences

You are at all times requested to inform us of any amendments to your preferences in the way in which we process your data

  • How we administer your account
  • Any promotional activity you may wish to receive from us

For more information on your individual rights and our processing of your data see here

If you no longer wish to receive information from us, or wish to amend your data processing preferences please contact us or click the unsubscribe option on any of our digital communications.

Your individual rights

We recognise individuals’ rights under the General Data Protection Regulation and our responsibilities when collecting and processing personal data.

We will always explain why we are asking for your information and will provide details of data stored should you exercise your rights to a Subject Access Request or our Lawful Basis for processing your data.

You may also ask us to correct or remove information you think is inaccurate or permanently delete the records we store about you.

We will automatically delete any personal information when our association ends (given appropriate legal restrictions) and fulfil our obligations to data portability if required. Rights to individuals’ data privacy, security and confidentiality are at the forefront of every interaction with our clients, employees and third parties. We are committed to the practical and ethical preservation of the personal privacy and security rights accorded to individuals under the GDPR.

1 The right to be informed

  • Organisations must be fully transparent in the ways in which they are using personal data
  • ‘Individuals have the right to be informed about the collection and use of their personal data…including purposes for processing their personal data, retention periods for that personal data, and who it will be shared with.
    • Personal data refers to ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
    • This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people’

2 The right of access

  • Individuals have the right to know the information organisations hold about them and how it is processed. Exercising this right is referred to as a ‘Subject Access Request’
    • This can be made by individuals, (in respect of their own personal data), via any digital, hard-copy or verbal channel
  • A Subject Access Request can cover a range of criteria
    • What personal data is being processed
    • The purposes for which the data is processed
    • Who, if anyone, data is disclosed to (including copied parties on email threads)
    • The extent to which data is used for the purpose of making automated decisions relating to the data subject
      • If so, the requirement for this processing
    • The Lawful Basis for processing
    • How long the data will be stored by the controller

3 The right of rectification

  • Individuals are entitled to have personal data rectified if it is inaccurate or incomplete
    • In most cases this must be undertaken within 1 month

4 The right to erasure

  • Also referred to as ‘the right to be forgotten’, individuals have the right to request their personal data be deleted or removed without the need for a specific reason as to why they wish to discontinue. This applies whereby…
    • The personal data is no longer necessary in relation to the purpose for which it was collected/processed
    • The data subject withdraws their consent or objects to the processing and there are no overriding legitimate interests to continue processing
    • The personal data was unlawfully processed or has to be erased in order to comply with a legal obligation
    • The personal data is processed in relation to the offer of information society services to a child

5 The right to restrict processing

  • Entitlement to block or suppress processing of personal data. This applies where individuals…
    • Contest the accuracy of information processed
    • Object to an organisation’s legitimate grounds for the processing
    • Processing is unlawful

6 The right to data portability

  • Individuals are entitled to request their data be copied or transferred to alternative sources, organisations and recipients. This applies where…
    • Data has been provided by an individual to a controller
    • Processing is based on consent or performance of a contract
    • Processing is carried out by automated means
  • Controllers or Processors must provide the data securely
    • In a consistent, commonly used and machine readable format (e.g. CSV files)

7 The right to object

  • Individuals have the right to object to processing of their data whereby processing is…
    • Based on legitimate interests, the performance of a task in the public interest or the exercise of official authority (including profiling)
    • Used for direct marketing (including profiling)
    • Intended for scientific and or historic research or statistics

8 Rights of automated decision making and profiling

  • Individuals have the right not to be subject to automated decision making when it has a legal or personal effect on them
    • Including any form of automated processing intended to evaluate personal aspects of a data subject, in particular to analyse or predict their performance at work, economic situation, health, personal preferences, reliability, behaviour and location

9 Exercising your rights

Verve’s commitment to individuals’ rights applies to the personal data provided by clients in the negotiation and delivery of business services

You can contact us at any time in respect of your individual rights, your personal data, its security, your processing activities and your rights in respect of this.

Our Lawful Basis for processing your data

We will only process your personal data if there is a clear necessity to do this in relation to the services we are providing and in accordance with your individual rights.

In delivery of business services, our lawful basis for processing personal data is that we have a contractual obligation to clients who are in agreement (or negotiation) with the terms and conditions of these services.

We also exercise our legitimate interests to promote relevant commercial services we provide to existing clients in respect of related products, updates and services. We deliver this through email communications and opportunities to be excluded from promotions are available at all times.

Where users opt-in to our mailing list, they will receive emails that may include industry news, service or product updates and relevant marketing promotions based on the lawful basis of consent. If at any time users would like to unsubscribe from receiving emails, we include clear instructions at the bottom of each email or users may contact us directly.

You can contact us in respect of our lawful basis for processing your personal data at any time.

1 Under GDPR there are six ‘Lawful Basis’ for processing personal data

If there is no basis for processing we cannot and will not store or process your data.

  • Consent
    • Personal data may be processed on the basis that the data subject has ‘actively and freely’ consented to such processing
  • Contractual necessity
    • Necessary in order to enter into or perform a contract with the data subject
  • Compliance with legal obligations
    • The controller has a legal obligation to perform such processing
  • Vital interests
    • In protection of the ‘vital interests’ of the data subject (this essentially applies in ‘life‑or-death’ scenarios
  • Public interest
    • Processing is necessary for the performance of tasks carried out by a public authority or private organisation acting in the public interest
  • Legitimate interests
    • Processed on the basis that the controller has a legitimate interest in processing those data, provided that such legitimate interest is not overridden by the rights or freedoms of the affected data subjects

2 Our Legitimate interests in more detail

Our consideration of data processing under the lawful basis of Legitimate Interest of our commercial activities is deemed necessary for the pursuit of our Legitimate interests –

  • Selling and supplying goods and services to our customers
  • Promoting, marketing and advertising our products and services
    • Sending promotional communications which are relevant and tailored to individual clients
    • Understanding our customers’ behaviour, activities, preferences, and needs
  • Improving existing products and services and developing new products and services
  • Complying with our legal and regulatory obligations
    • Preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies
    • Handling customer service queries, complaints or disputes
    • Protecting ourselves, our employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations
    • Handling any legal claims or regulatory enforcement actions taken against us
  • Fulfilling our duties to our clients, colleagues, shareholders and other stakeholders

Our security policy is designed to safeguard the confidentiality and privacy of all personal data we handle.

This covers all areas of data collection, management, processing and payments, ensuring against unauthorised access, alteration, disclosure or destruction

  • Where appropriate data is stored on secured servers, encrypted and password protected
  • Access to data is limited to authorised personnel
  • Where data transfer is necessary for third party agreements, data is passed through secure portals managed and bound by our vetted suppliers
  • For the security policies of our hosting partners please see our third party suppliers

In the unlikely event of a security breach we will report this to the ICO within 72 hours and inform you immediately, describing the nature of the breach and our response to it.

We encourage individuals to work with us to ensure appropriate measures are in place to maintain security.

We maintain an active information security policy designed to protect the confidentiality and privacy of all personal data. Our security measures address all areas of data management, processing and payments. This applies to the digital and physical processing of data.

1 Data storage

  • Where appropriate, data is stored on secure servers
  • Systems, procedures and IT facilities are continually monitored and reviewed for protection against damage, loss and misuse
    • Systems are backed up daily and copies retained temporarily, until no longer required
      • It is a breach of company policy to process data outside of secure servers when necessary
  • Any non-digital collection of personal data is stored only as and when required and archived as per GDPR directives in securely contained locations

2 Data access

  • Access to servers and non-digital data is limited to authorised personnel only
    • Only authorised personnel have user rights, id’s and passwords
  • Awareness of the importance of data security is continually promoted among employees
    • It is company policy for employees to maintain data security and protection protocol at all times
  • Data sharing between employees and departments is only permitted within the context of necessary business activities
    • This may be for the purposes of order processing, accounts and payments, marketing and any other legitimate activity in the necessary operation of the business
    • No data sharing is permitted outside of the outlined security parameters outlined in this statement

3 Payments

  • When you submit your credit card details to us, we use industry standard Secure Sockets Layer (SSL) encryption technology to guard your information
    • Your credit or debit card details, along with your personal information, are encrypted during transactions to ensure payments are processed securely
      • We will reveal only the last four digits of your credit card number when confirming an order
      • Card details are not stored for future use and we do not hold any credit card details
    • Your browser will show when you are in a secure environment by displaying either a locked padlock or an image of a key in the grey bar at the bottom of the page
      • The web site address should begin with https – the’ s’ meaning ‘secure’
    • Your browser may warn you when you are entering a secured environment as you go to place your order

Third party payment processors

  • We use the trusted Payment service provider Sagepay to handle all payments safely and securely
    • Your payment details are passed to them at the time that you complete an order
    • Payment is cleared and funds transferred to us to enable us to complete the order
    • Sagepay’s Privacy Policy can be viewed by clicking the link below
  • We also use Paypal
  • To comply with PCI DSS regulation and compliance we do no take payment directly within our site. Customers are directed to Sagepay and Paypal to make payment and are returned to our site upon completion.

Keeping your information secure

  • To help us keep your information secure you should take the following steps
    • When creating a password, use at least 8 characters. A combination of letters and numbers is best. Do not use dictionary words, your name, email address, or other personal data that can be easily obtained
    • Keep your password secret
      • We may not be fully liable to data security should you reveal passwords to third parties
  • If you forget your password, you can request a new password, which will be emailed to the address we hold for you
    • You can change your password anytime through the account facilities on the website
    • o Should we think that there is likely to be, or has been any breach of security, we may change your password and notify you of the change by email
  • Never distribute the website address for pages that you have looked at while logged in as a registered customer

4 Third party supplier security

  • Our partners are vetted and their security policies reviewed regularly to ensure responsible hosting, commitment to and complicity with the GDPR
  • You can contact us at any time in respect of any concerns or inquiries in our third party agreements
    • To view our third party suppliers click here
Data sharing

We do not sell, trade, or rent clients’ personal information to others.

However, in order to deliver a premium service we may use selected third party organisations in the delivery and administration of business services to you.

We will only share your information with these parties for the purposes stated in this privacy statement

You can contact us in respect of data sharing at any time.

In order to provide our services to you or to otherwise fulfil contractual arrangements, we may need to appoint other organisations to carry out some of the data processing activities on our behalf.

We only work with trusted suppliers with a commitment to data security, privacy, transparency and accordance the General Data Protection Regulation

  • We reserve the right to change our suppliers in the delivery of best services

1 Purposes for which we may use third parties in the provision of businesses services

  • Payment processing organisations
    • Opayu, Evalon and Paypal
  • Delivery organisations
    • Fedex, Royal Mail, GB McCready (for pallet deliveries) and Evri (formerly Hermes)
  • Customer review site sites
    • Feefo

We may also select specialist suppliers in the following areas at some point

  • Fraud prevention, screening and credit risk management companies
  • Mailing houses (including email and/or SMS disseminators)
  • Data cleansing providers
  • Data management services
  • Analytical consultants

2 Lawful requirements to share your data

We may also share your data with third parties in the following circumstances

  • If we are under a legal or regulatory duty to do so
  • If it is necessary to do so to enforce our terms of use, terms and conditions of sale or other contractual rights
  • To lawfully assist the police or security services with the prevention and detection of crime or terrorist activity
  • Where such disclosure is necessary to protect the safety or security of any persons
  • Where we are otherwise permitted under applicable legislation

3 International Data transfers

In the unlikely event that personal data is required to be shared across international jurisdictions outside of the UK and EU we will ensure lawful steps to ensure that your information is protected in accordance with this privacy policy.

  • This may, for example be in the administration and fulfilment of overseas orders, payments and shipping

In order to ensure security, privacy and compliance with the GDPR we will adopt ‘standard data protection clauses’ which have been approved by the European Commission for such activities. These rules can be accessed here

These are also clearly outlined by the Independent Commissioners Office here

Where we have concerns about the security of any third party country we will undertake an International Transfer Suitability Assessment in order to fully ensure we are protecting individual’s data security on a global level

4 Third party websites

Our website and other digital platforms may contain links to third party websites or digital platforms which are provided for your convenience. We are only responsible for the privacy practices and security of our own digital platforms. We recommend that you check the privacy and security policies and procedures of each and every other digital platform that you visit.

Users may find content on our site that links to the sites and services of our partners, suppliers, advertisers, sponsors, licensors, clients and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site.

In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.


Cookies are small files of unique letters and numbers that are sent to a device’s browser from a website when users visit and navigate the site. They allow a website to recognise a device when users revisit, recollect previous browsing history and any information provided to the site.

Please CLICK HERE for more information on our Cookie Policy

Changes to this privacy policy

We aim to meet high standards, so our policies and procedures are constantly under review.

Occasionally we may change this privacy policy and we recommend you check this page periodically to review the latest version.

This Privacy Notice was last amended May 2018.

Contacting us about your personal data or this privacy policy

If you have any questions about this privacy policy or in any respect of your personal data, please contact us at any time.

If you feel you have been mistreated or your personal data privacy and security has been mismanaged by us you can report this to the UK regulatory authority The Independent Commissioners Office here