Actually, another quick question. Can he/I access an account via Bitcoin Core client with only a private key?
You can import the private key. In Bitcoin Core, click Help > Debug Window > Console > enter importprivkey "privkey"
After this, wait a long time (depending on your system speed) for a complete rescan. Note that you can't remove a private key from a wallet.dat anymore after importing.
Should I have put the .dat file with the key on the sticks?
It wouldn't hurt to keep it.
I think using a web browser and a 3rd party website to create a wallet for cold storage is a silly idea. I wouldn't even do that, web browsers are a big target for sniffers/stingrays.
For this reason, the offline Linux LIVE CD is recommended. It disables any remote attack.