Regional Computing Center Regulations for Use
Regional Computing Center Regulations for Use (PDF)
Universität Hamburg administrative directive dated June 2005
As director of the Regional Computer Center, I hereby issue the following Regulations for Use as an administrative directive for the Regional Computer Center at Universität Hamburg.
Prof. Dr.-Ing. Karl Kaiser
Preamble
These Regulations for Use are intended to ensure the most uninterrupted, unhindered, and secure use possible for the RRZ communications and IT infrastructure. The Regulations for Use are based on the statutorily defined tasks of Universität Hamburg as well as its mandate to preserve academic freedom. They establish basic rules for proper operation of the IT infrastructure and thus govern the usage relationship between individual users and the RRZ.
Section 1 Scope
These Regulations for Use apply to the use of the RRZ’s information processing infrastructure, consisting of the data processing equipment, communications systems, and other computer-based information processing equipment under the RRZ’s control. With respect to employees at Universität Hamburg, employment and civil service provisions take precedence over these Regulations for Use in cases of any conflict.
Section 2 Authorization and access for use
1. The following individuals, groups, or entities may be granted permission to use RRZ services:
-
Members, affiliates, and institutions including the central administration at Universität Hamburg;
-
Representatives of Universität Hamburg for the purpose of performing their commissioned duties;
-
Members of other universities of the Free and Hanseatic City of Hamburg (FHH) or state universities outside the FHH on the basis of special agreements;
-
Other state research and educational institutions and FHH authorities on the basis of special agreements;
-
Student services in FHH;
-
Other legal entities or natural persons, provided that the interests of the users named under a to e are not affected.
2. Access is granted exclusively for academic purposes in research, teaching, and study; for purposes of the library and university administration, education, and training; and for the performance of other tasks of Universität Hamburg. Additional uses may be permitted only where the use is minor and will not impair the purpose of the RRZ or the interests of other users. Commercial application and use is not permitted.
3. Access to use the facilities and services of the RRZ is granted through user authorization. This is issued by the RRZ in writing upon the request of the person desiring access for use.
4. The application should contain the following information on a form provided by the Regional Computing Center:
-
Name, address, and signature of the applicant as well as the applicant’s status as either a student, employee, institution, or other user as defined in number 1 of these Regulations;
-
Description of the intended use or proposed project;
-
Desired data-processing resources;
-
A declaration of consent corresponding to the extent that personal data will be processed by the user;
-
Recognition of these Regulations for Use and the Rules of Operation issued by the RRZ as the basis of the agreement of use;
-
Recognition of the cost and fee schedule as amended.
Additional information may only be collected to the extent necessary to make a decision on the application for the grant of access.
5. Use authorization is limited to the project specified in the application or by semester in the case of personal student identifiers and may otherwise be limited in duration.
6. In order to ensure proper and uninterrupted operation, authorization for use may also be combined with restrictions of the computing and online time as well as other use-related conditions and requirements.
7. Furthermore, the RRZ may make access conditional on the provision of proof of certain knowledge by the user on how to use the desired data-processing systems and data-processing services.
8. If data-processing resource capacity is not sufficient to meet the needs of all authorized users, operational resources may be allocated to individual users in the order of priority established in number 1 of these Regulations.
9. Authorization for use may be denied, revoked, or subsequently restricted, in whole or in part, in particular if
-
a proper application has not been submitted or the information in the application is not or is no longer accurate;
-
the requirements for proper use of the data-processing facilities are not or are no longer met;
-
the person authorized to use the facilities has been excluded from use pursuant to Section 4;
-
the planned project of the person using the facilities is not compatible with the tasks assigned to the RRZ and the purposes stated in number 2;
-
the existing data-processing resources are unsuitable for the requested use or are reserved for special purposes;
-
the capacity of the resources sought to be used is insufficient for the planned use because of an existing workload;
-
the data-processing components to be used are connected to a network that must meet special data-protection requirements and no objective reason for the planned use is apparent;
-
the requested use is expected to unreasonably interfere with other legitimate projects.
Section 3 User rights and obligations
1. Authorized users have the right to use the facilities, data-processing systems, and information and communication systems of the RRZ within the scope of their respective authorization for use and in accordance with these Regulations for Use.
Any other use requires separate approval.
2. Users must
-
comply with the provisions of the Regulations for Use, observe the limits of the authorization of use, and—in particular—observe the purposes of use according to Section 2 number 2;
-
refrain from anything that interferes with the proper operation of the data-processing facilities of the RRZ or third parties;
-
treat all data-processing equipment, information and communication systems, and other RRZ facilities with care and consideration;
-
exercise special care when using private systems and operating them on the Universität Hamburg communications network;
-
work exclusively with the usernames issued for access;
-
ensure that no other persons obtain knowledge of user passwords, and take precautions to prevent unauthorized persons from accessing the RRZ’s data-processing resources, including protecting access by means of a suitable password (i.e., one that is not easy to guess), which is to be kept secret and changed as regularly as possible;
-
not attempt to discover or employ the usernames or passwords of others;
-
not attempt to gain unauthorized access to the information of other users and not pass on, use, or change the information of other users without permission;
-
comply with legal requirements when using software, documentation and other data—particularly requirements regarding copyright law—and observe the licensing conditions under which such software, documentation, and data are made available by the RRZ;
-
not copy or pass on software, documentation, or data provided by the RRZ to third parties, unless expressly permitted, nor use them for purposes other than those permitted;
-
follow the instructions of the staff while on the premises of the RRZ and observe the RRZ’s house rules;
-
provide proof of authorization for use upon request;
-
not attempt to fix malfunctions, damage, or errors on data-processing equipment and data storage devices of the RRZ but should rather report such to RRZ staff immediately;
-
not tamper with the RRZ’s hardware installations or modify the configuration of the operating systems, system files, system-relevant user files, or network without the RRZ’s express consent;
-
on justified request and for purposes of control, provide the RRZ’s management with information on programs and methods that have been used and permit inspection of the programs—especially in the event of the justified suspicion of improper use as well as for troubleshooting purposes;
-
coordinate any processing of personal data with the RRZ and take into account the data protection and data security precautions proposed by the RRZ without prejudice to the user’s own obligations under data protection law;
3. Attention is directed specifically to the following crimes:
-
data espionage (Section 202a of the German Criminal Code [Strafgesetzbuch, StGB]);
-
data manipulation (Section 303a StGB) and computer sabotage (Section 303b StGB);
-
computer fraud (Section 263a StGB);
-
dissemination of pornography (Section 184 StGB), in particular retrieval or possession of child pornography (Section 184 subsection 5 StGB);
-
dissemination of propaganda material of unconstitutional organizations (Section 86 StGB) and incitement of the masses (Section 130 StGB);
-
defamation, such as libel or slander (Sections 185 et seq. StGB);
-
criminal copyright infringements, for example, by copying software in violation of copyright law (Sections 106 et seq. Act on Copyright and Related Rights [Gesetz über Urheberrecht und verwandte Schutzrechte, UrhG]).
Section 4 Exclusion from use
1. Users may be temporarily or permanently restricted in their use of data-processing resources or excluded from such use if:
-
they culpably violate these Regulations for Use, in particular the obligations listed in Section 3 (conduct in violation) above, or
-
there is strong probable cause to believe that users are improperly using RRZ resources for criminal acts, or
-
the University is adversely affected by virtue of other illicit user behavior, or
-
the user is uncooperative when malfunctions are being rectified (e.g., by disregarding or failing to promptly undertake instructions provided by RRZ staff to eliminate malfunctions).
2. Users must be given a warning prior to measures pursuant to number 1 being taken, unless for conduct pursuant to Section 3 number 3, or where it appears necessary to maintain operation without disruption. The user must be afforded the opportunity to be heard on the matter. They may ask the mediator of the Senate Committee for Data Processing to mediate. In any case, the user must be given the opportunity to secure their data.
3. A decision regarding the temporary restriction of use by the RRZ director or an authorized RRZ staff member will be rescinded once proper use again appears to be guaranteed.
4. A permanent ban on use or the complete exclusion of a user from further use is only possible in the case of serious or repeated violations as defined in number 1, when proper conduct can no longer be expected in the future. A formal administrative decision on a permanent ban shall be decided by the head of administration upon an application submitted by the RRZ director and subsequent to a hearing before the senate committee for data processing (Senatsausschuss Datenverarbeitung, SenA-DV). This shall not affect any other RRZ claims arising from or in connection with the user relationship.
Section 5 RRZ rights and obligations
The RRZ maintains user files containing allocated user authorizations, which include usernames and email identifiers, resources authorized for use, and the names and addresses of authorized users.
1. To the extent necessary for troubleshooting, system administration, and system expansion, or for reasons of system security and protection of user data, the RRZ may temporarily restrict the use of resources or temporarily block individual usernames. If possible, affected users will be informed prior to any action taken.
2. If there are actual indications that a user is providing illegal content for use on RRZ systems, the RRZ may prevent further use until the legal situation has been sufficiently clarified.
3. The RRZ is entitled to check the security of system/user passwords and user data as well as the security of systems connected to the Universität Hamburg network by means of regular manual or automated measures and to implement necessary protective measures (e.g., changes to easily guessed passwords) in order to protect data-processing resources and user data from unauthorized access by third parties. Users or third parties responsible for an area that has been affected must be promptly informed if it is necessary to change user passwords or access authorizations to user files or otherwise undertake other protective measures relevant to use.
4. In accordance with the following provisions, and to the extent necessary, the RRZ is entitled to document and evaluate the use of the data-processing systems by the individuals using them
-
to ensure proper system operation;
-
to protect the personal data of other users;
-
for accounting purposes;
-
for the detection and elimination of malfunctions; or
-
to clarify and prevent illegal or improper use.
5. Where good cause exists, the RRZ is also entitled, under the conditions of number 4 above, to inspect user files in compliance with data secrecy insofar as necessary to eliminate current malfunctions or to clarify and prevent improper use.
However, accessing messaging and email mailboxes is only permissible if this is indispensable to rectify current faults in the messaging service.
Any and all access must be documented and the user affected must be promptly notified once the purpose of the access has been completed.
6. Under the conditions of number 4 above, the connection and usage data in communications (especially email usage) may also be documented. However, only the specific instances of telecommunication and not the nonpublic communication contents may be collected, processed, and used. To prevent viruses and spam attacks, the RRZ is entitled to use appropriate technical measures (e.g., virus scanners and spam filters).
The connection and usage data of online activities on the internet and other telecommunication services that the RRZ provides or to which the RRZ provides access will be deleted as soon as possible unless this concerns billing data.
7. In accordance with statutory provisions, the RRZ must maintain telecommunications and data secrecy.
Section 6 User liability
1. Users will be held liable for any disadvantage suffered by Universität Hamburg arising from improper or illegal use of data-processing resources and user authorizations as a result of negligent noncompliance with these Regulations for Use.
2. Users are also liable for any and all damages or loss caused by a third party’s use of the data-processing system, provided that such third-party access and use is attributable to the conduct of the user—especially in cases where usernames have been passed on to third parties. In such cases, Universität Hamburg may charge the user a fee for third-party use in accordance with fee regulations.
3. Users indemnify and hold Universität Hamburg harmless against any and all third-party claims for damages, injunctive relief, or otherwise filed against Universität Hamburg on account of users’ improper or unlawful conduct. To the extent any third party has taken legal action against the RRZ, Universität Hamburg will add that user to the claim.
Section 7 Universität Hamburg liability
1. Universität Hamburg does not warrant that systems will run error-free and without interruption at all times. Possible data loss as a result of technical malfunctions as well as the discovery of confidential data through unauthorized access by third parties cannot be entirely excluded.
2. Universität Hamburg assumes no responsibility for the accuracy of the programs made available. Universität Hamburg is also not liable for content, in particular for the accuracy, completeness, and currency of information to which it merely provides access for use.
3. Universität Hamburg assumes no liability for damage or loss to private systems that use Universität Hamburg’s communications network.
4. This notwithstanding, Universität Hamburg is only liable for cases of intentional misfeasance and/or gross negligence on the part of its employees unless there has been a negligent breach of material cardinal obligations. In such cases, Universität Hamburg’s liability is limited to typical damage or loss foreseeable at the time of the establishment of the user relationship, insofar as not attributable to intentional or grossly negligent conduct.
5. This does not affect any right to assert claims for liability against Universität Hamburg.