Privacy Policy

Effective Date: June 3, 2026
Company Name: Carr Fasteners
Website: https://carrfasteners.com.au
Contact Email: admin@hephaestus.global

Introduction

Welcome to Carr Fasteners. We respect your privacy and are committed to protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or make a purchase.

While we are an Australian company primarily governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), this policy is also designed to comply with international regulations, including the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA), to ensure the highest standards of data protection for all our users.

What Information We Collect

We collect information about you directly when you interact with our website and make a purchase, as well as automatically through tracking technologies.

    1. eCommerce and Transactional Data

      When you make a purchase or attempt to make a purchase through our website, we collect personal information necessary to fulfill our contractual obligations to you. This includes:

    • Contact & Delivery Details: First name, last name, shipping address, billing address, and phone number.
    • Shopping Cart Journey: Event triggers and user journey tracking as you navigate through the shopping cart experience and proceed to payment.
    • Payment Processing: We do not store or have direct access to your full credit card or payment card numbers. All payment processing is handled securely by our third-party payment gateway, Stripe.

    1. Analytics and Tracking Data (Google Analytics 4)

      We use Google Analytics 4 (GA4) and Google Tag Manager to collect data about your interaction with our website. This includes:

    • Standard GA4 Information: Geolocation, device type, browser type, language preferences, unique device/cookie identifiers, and standard event triggers.
    • Google Signals (Personal Data): Data signals that allow for cross-device tracking and remarketing campaigns.
    • Enhanced Measurement Features: Scrolling behavior, outbound clicks, site search queries, form interactions, video engagements, and file downloads.

How and Why We Use Your Information

We collect and process your data based on specific legal bases and for defined purposes:

  • Contractual Necessity (eCommerce): We must capture your contact, shipping, and billing information to process your orders, deliver products, and provide customer support.
  • Tracking and Remarketing (Consent): Analytics data, including Google Signals, is gathered to understand how users interact with our website, improve our digital presence, and serve targeted remarketing campaigns.
  • Legal Compliance: We retain financial and transaction data to comply with Australian tax and financial laws.

Cookies, Tracking, and Consent

We capture analytics and tracking information via cookies and similar technologies, following international guidelines for each region.

  • Consent: Remarketing and non-essential cookies will only deploy after you provide explicit consent via our cookie consent banner or your privacy settings, in regions where it is required by law (e.g., GDPR, CCPA).
  • Opting Out: You may withdraw your consent or manage your cookie preferences at any time through our website's cookie settings or by using browser-level controls.

Data Sharing and Third Parties

We do not sell your personal data. However, we do share information with trusted third parties to facilitate our services. This sharing follows strict Google Analytics, Google Tag Manager, and industry guidelines.

  • Payment Processors: Transactional data is shared with Stripe to facilitate secure payment processing.
  • Analytics Providers: Usage and tracking data is shared with Google to provide GA4 analytics and remarketing services.

International Data Transfers

Because our trusted service providers are global entities, your data may be transferred to, processed, and stored outside of Australia.

  • United States: Both Google (GA4) and Stripe are headquartered in the United States. Consequently, data shared with these platforms is transferred to the US.
  • Legal Safeguards: We ensure these international data transfers are legally safeguarded. Our agreements with these providers incorporate Standard Contractual Clauses (SCCs) or equivalent legally binding data processing agreements that ensure your data receives a level of protection comparable to the Australian Privacy Principles and international equivalents (GDPR/CCPA).

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

  • eCommerce & Financial Records: Transaction and purchase data will be kept for 7 years as required by Australian tax and financial record-keeping laws. After this period, the data will be securely destroyed or permanently de-identified.
  • Analytics Data (GA4): User-level and event-level data linked to cookies, user identifiers, or advertising identifiers is retained for the maximum period allowed by Google (up to 14 months).
  • Aggregated Analytics Data: Standard high-level reporting data that has been fully aggregated and anonymized does not expire and is kept indefinitely for historical comparison.

Your Privacy Rights

Depending on your location (under the APPs, GDPR, or CCPA/CPRA), you have significant rights regarding your personal information:

  • Access and Portability: You have the right to request a copy of the personal data we hold about you.
  • Correction: You have the right to request that we correct any inaccurate or incomplete information.
  • Deletion (Right to be Forgotten): You have the right to request the erasure of your personal data, subject to certain legal exceptions (e.g., our 7-year financial retention requirement).
  • Opt-Out: You have the right to opt-out of data collection for remarketing and targeted advertising purposes.

How to Exercise Your Rights: To submit a request regarding your privacy rights, please contact us at admin@hephaestus.global. We will acknowledge your request promptly and aim to fulfill it within 30 days.

Complaints and Escalation

We take your privacy concerns seriously. If you believe we have breached the Australian Privacy Principles or mishandled your data, please contact us first at admin@hephaestus.global so we can investigate and resolve the issue.

If you have asked for your information to be removed or corrected, or if you have lodged a complaint, and Carr Fasteners has not responded within a reasonable timeframe (roughly 30 days), or if you are unsatisfied with our response, you have the right to escalate your complaint to the Office of the Australian Information Commissioner (OAIC).

  • OAIC Website: www.oaic.gov.au
  • OAIC Phone: 1300 363 992

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Carr Fasteners 1/412 North East Road Windsor Gardens SA 5087 Australia
Email: admin@hephaestus.global
Website: https://carrfasteners.com.au

HG_LockUp 1_Colour
Mitchell+Cheesman_Lockup A Colour
DOT_Colour
Toolcraft Lockup A Colour
SharmanShelving Colour