Privacy Policy
At Inkjar, we care deeply about your privacy. For that reason, we make it a commitment to stay as private and transparent as possible.
What data is collected?
When you apply for a position at Inkjar through Google Forms, Google processes your request. From this form, we collect:
- your email address,
- your full name,
- the grade you are currently in,
- the branch you want to enter,
- your resume and portfolio works,
- the time you can allocate to Inkjar; and:
- any further remarks made through a free-form box.
If you don't fit a position at Inkjar, this data is deleted shortly after notification to you. If you do get a position (congrats!), we store the following for the length you're with us:
- your full name,
- your phone number,
- your email address; and:
- your position at Inkjar.
Your first and last name will be sent to email provider Migadu to create your @inkjar.org email address. Your email address with also be shared to allow Migadu to send an email to setup your mailbox without the further need of internal resources.
When you submit a commission request, we use Google Forms to process your request. From this form, we collect:
- your email address,
- your name,
- the club or oragnisation you are commissioning on behalf of, if any,
- the branch or branches you are commissioning,
- the reference photos you submit,
- the deadline you provide,
- the description of the work; and:
- any further remarks made through a free-form box.
If we don't accept your commission, this data is deleted shortly after notification to you or your organisation. If we accept your commission, we store all the aforementioned data until the end of that fiscal year.
What data do third-parties have access to?
When you apply for a position at Inkjar or submit a commission request, you submit the data through Google Forms. Google, in theory, has access to all the data submitted through this form and stores the data on servers in the United States.
When you receive or send emails to Inkjar employees, emails are handled via Migadu, our email service provider. Migadu, in theory, has access to all the data submitted through emails and stores the data on servers in France.
Who has access to stored data?
The data is processed and stored by the following parties:
- Inkjar members, including executives: This is used for the legitmate purpose of completing commissions. The only data members have access to are: the organisation or club (if any), the branches commissioned, the deadline provided, refrences submitted; and: descriptions of the work. Members and data falls under United States jursidiction.
- Google and their subprocessors: Commission requests and some of our applications are done through Google Forms and stored in Google Sheets, as well as Google Drive. They have theoretical access to all data submitted through these forms of submission. When streaming YouTube videos, either through the embeds on our site or through links to videos on our site, you fall under their privacy policy as well. Data is stored in the United States.
- GitHub and their subprocessors: This is used for storing and hosting commissioned sites that do not have the knowledge, or budget, to host their sites, as well as our own website. GitHub has access to both the source code of these sites, and the built versions of these sites. The source code of these sites is only made public under an open license upon explicit, written request. Servers are in the United States.
- Migadu and their subproccesors: This is used for employee mailboxes. Emails sent to and from Inkjar members is through Migadu's servers. Data is stored in France, but managed in Switzerland.
We encourage all to read the privacy policies of all of the organisations with access to stored data and gather an understanding of how their data is used by those organisations.
Your rights and choices
We follow strict moral and ethical codes to ensure you are in control of the data you provide.
Right to know
Upon request, you have the right to have all data stored about you archived and sent to you via email. This archive can be in a format of your reasonable choice.
Right to become unknown/erasure
Upon request, you have the right to have all data stored about you deleted from our records and, to our knowledge, Google's. Due to legal reasons, if a commission is paid for, we have to keep this commission until the end of that fiscal year.
How to make data requests
Write to us at gdpr@inkjar.org with your full name and the email address you've provided to us. Within 72 hours, we will get back to you confirming your request, as well as provide you with when we will be able to complete your request.
Data storage, security, and breaches
All data is encrypted using modern, standardised, and secure methods. Emails are sent to and from our servers use SPF and secure mail servers to protect both our privacy and yours, as well as better validate email authenticity. Our sites use HSTS, only use HTTPS, and have strict CSP policies to prevent any malicious scripts from being run. We sign DPAs and other privacy agreements to ensure data is handled strictly for the purpose of providing our services with other companies we work with to protect your data.
We take appropriate measures to protect the data we store and to configure our servers to prevent data breaches, but no system or configuration is perfect, so we cannot assume responsibility in the event of a misconfiguration, poor setup, or conditions out of our control, cause data loss. In the event of a data breach, we'll notify all of the contact methods we can to disclose this breach within 72 hours of us becoming aware of such breach.
Contact and other notes
You can write to legal@inkjar.org to get help as swiftly as possible on amending and fixing this document, as well as get answers to questions regarding this policy.
You can both see this site's source code and see the history of this policy on GitHub here.