Search

  • Acceptable Use Policy

Acceptable Use Policy


Last updated: 22 March 2016

Preamble

The University of Augsburg’s Computer Services (the "operators" or "system operators") operate an information processing infrastructure, consisting of data processing units (computers), communications systems (networks), and other support devices for information processing. The information processing infrastructure is integrated into the German National Research and Education Network (Deutsches Wissenschaftsnetz) and the Internet.

This acceptable use policy governs the conditions and requirements for the information processing infrastructure regarding both its operation and use.

This policy

  • is based on the legal responsibilities of the universities and their mandate to protect academic freedom;
  • establishes basic rules for the proper operation of the information processing infrastructure;
  • indicates the rights of third parties which must be observed (e.g. software licences, network provider requirements, data protection issues);
  • requires the user to adhere to a proper code of conduct and to use the available resources economically;
  • provides information about the operator’s rights and remedies in the event of a violation of the acceptable use policy.

The acceptable use policy falls under the operational regulations as stipulated in Section 7 of the Computer Services’ internal rules and regulations.

Section 1 Scope

This acceptable use policy applies to the information processing infrastructure operated by the University of Augsburg and its constituent parts, including data processing units (computers), communications systems (networks), and other support devices for information processing.

Section 2 Users and Functions

  1. Members of the University of Augsburg are granted access to the information processing infrastructure mentioned in Section 1 in order to perform their functions in areas of research, administration, training, public relations and to fulfil other responsibilities specified in Art. 2 of the Bavarian Higher Education Act (Bayerisches Hochschulgesetz, BayHSchG).
  2. Other individuals and organisations may be granted access by submitting a written request.

Section 3 Formal User Authorisation

  1. Use of the information processing infrastructure pursuant to Section 1 requires formal user authorisation from Computer Services, except for services configured for anonymous access (e.g. information services).
  2. The Computer Services unit acts as the system operator for central information processing and the communication system (university data network).
  3. The application for formal user authorisation must include the following information:
    • the systems for which you are requesting user authorisation;
    • the applicant's personal information: name, university affiliation and address of their organisational unit;
    • general information on the intended use of the services, e.g. research, training/teaching, administration;
    • entries for the university information and directory services;
    • user agreement to the Computer Services’ operating regulations as outlined in this acceptable use policy;
    • user agreement to the collection and processing of personal data in accordance with Section 5 (4).

The system operator may only request further information if necessary to facilitate the decision to accept or decline an application.

  1. As system operator pursuant to Section 3 (2), the Computer Services unit makes decisions about applications for user authorisation. The system operator may make granting authorisation dependent on proof of certain skills and knowledge regarding the use of the services and facilities requested.
  2. User authorisation may be denied if
    1. there is reason to believe that the applicant will not be able to fulfil their obligations as a user;
    2. the facility cannot accommodate the use capacity required by the user for the planned tasks due to other use that has already been authorised;
    3. the intended use is not in accordance with the aims stipulated in Section 2 (1) and Section 4 (1);
    4. the facilities are not suitable for the intended use or are already reserved for special purposes;
    5. the facilities in question are part of a network with special data protection requirements, but no practical reasons for the request for access can be identified;
    6. it is obvious that other authorised users will be inordinately inconvenienced by the requested use.
  3. The user authorisation is only valid for work related to the intended use detailed in the application.
  4. User authorisation is non-transferable.

Section 4 User Obligations

  1. You may use the information processing resources as described in Section 1 only for the purposes stipulated in Section 2 (1). You must submit an additional application and payment for any other use, especially commercial use.
  2. The user must be responsible and efficient with the limited resources available (workstations, CPU capacity, memory, cable capacity, peripheral devices and other supplies). Users must refrain from doing anything that is likely to disrupt operations and avoid, to the best of their knowledge, all actions that might cause damage to the information processing infrastructure or to the work and property of other users.

Violations of this policy may result in damage claims (Section 7).

  1. Users are to refrain from improper use of the information processing infrastructure. In particular, users are required to
    1. use only those accounts for which they have express permission; it is prohibited to share login information with others;
    2. take measures to prevent unauthorised third parties from gaining access to the information processing resources, such as avoiding simple passwords that can easily be guessed, changing passwords frequently and logging out at the end of every session.

Users assume full responsibility for all activities conducted via their account, including activities undertaken by third parties explicitly given access to the account or who gained access due to negligence on the user’s part.

The user is further obligated to

    1. respect legal conditions, especially concerning copyright and trademark regulations, when using software and information resources;
    2. be aware of and follow the terms and conditions associated with the licence agreements for acquired software, documentation or other data;
    3. refrain from copying or sharing software, documentation or other data without express permission; nor may said software be used for purposes other than those permitted, especially not for commercial purposes;
    4. respect laws and regulations regarding data protection as well as online publication rights.

Violations may result in damage claims (Section 7).

  1. Use of the information processing infrastructure obviously must adhere to the law and relevant legal regulations. Be aware that the following acts in particular are punishable offences pursuant to the German Criminal Code (Strafgesetzbuch, StGB):
    1. data espionage - Section 202a of the German Criminal Code (StGB);
    2. unauthorised deleting, suppressing or altering of data and rending data unusable - Section 303a of the German Criminal Code (StGB);
    3. computer sabotage - Section 303b of the German Criminal Code (StGB) and computer fraud - Section 263a of the German Criminal Code (StGB);
    4. dissemination of propaganda material from unconstitutional organisations - Section 86 of the German Criminal Code (StGB) or racist ideas - Section 130 of the German Criminal Code (StGB);
    5. distribution of certain types of pornography on the Internet - Section 184 (3) of the German Criminal Code (StGB);
    6. downloading or possession of documents containing child pornography - Section 184 (5) German Criminal Code (StGB);
    7. defamation, libel, slander and the like - all sections of Section 185 of the German Criminal Code (StGB);
    8. copyright infractions, e.g. unauthorised copying of software – Section 2, Sections 15 and following, Sections 97 and following of the Act on Copyright and related Rights (Urheberrechtsgesetz, UrhG);
    9. trademark infractions - Sections 14 and following of the Act on the Protection of Trade Marks and other Symbols;
    10. torts, e.g. damaging ◊ the University of Augsburg’s reputation - Sections 823 and following of the German Civil Code;

The University of Augsburg Computer Services unit reserves the right to press charges for criminal offences as well as infractions against civil law (Section 7).

  1. Users must obtain permission from the system operator in order to
    1. alter hardware installation;
    2. change the configuration of the operating systems or the network.

Software installation rights are regulated separately and depend on individual circumstances and system requirements.

  1. Users must communicate plans to edit personal data to the system operator before carrying out changes. This policy shall not affect any duties or obligations stipulated by data protection legislation. The user is not allowed to read or process messages intended for other users.
  2. Users are obligated to
    1. observe the user guidelines provided by the system operator;
    2. uphold the acceptable use policies of other service providers when working with their computers and networks.

Section 5 Responsibilities, Rights and Obligations of System Operators

  1. The system operator keeps records on users and their access rights. The records must be kept for an additional 6 months after authorisation has expired.
  2. The system operator provides information on the contact persons responsible for user support.
  3. To a reasonable extent, the system operator helps prevent and expose cases of misuse or violations of the acceptable use policy, especially violations of copyright, data protection or provisions against criminal acts. In this respect, they are authorised to
    1. take appropriate safety measures, including spot checks to test that the information processing infrastructure and user data under their supervision are protected from third-party attacks;
    2. inspect users’ files as a necessary measure in maintaining regular operations or in preventing misuse if it is suspected (for example, the illegal sharing or storing of information). Such inspections must adhere to the duty of keeping records as well as the four eyes principle.
    3. take necessary actions to preserve evidence if there are substantial grounds for suspecting criminal conduct.
  4. Within the scope of their jurisdiction, the system operator is authorised to document and evaluate users’ activities (e.g. login times, connectivity with the network) as long as doing so serves one or more of the following: accounting purposes, resource planning, monitoring operations, investigations of system errors and violations of this acceptable use policy or other legal provisions.
  5. The system operator is required to maintain confidentiality.
  6. The system operator must observe the acceptable use policies and access agreements of other service providers, whose computers or networks the system operator is working with.
  7. In order to ensure IT security, the system operator can temporarily or permanently restrict use of the information processing infrastructure.

Section 6 System Operator’s Liability and Exclusion of Liability

  1. The system operator does not guarantee the system’s functions will correspond to the specific requirements of the user or that the system will run without errors or interruptions. The system operator cannot guarantee the preservation (vis-à-vis corruption or manipulation) or confidentiality of stored data within the system.
  2. Unless otherwise specified by law, the system operator is not liable for damages of any kind that result from the use of the information processing infrastructure as per Section 1.

Section 7 Consequences of Improper or Criminal Use

  1. In the event of a violation of legal provisions or the regulations stipulated in this policy, especially those in Section 4 (Responsibilities of the User), the system operator may restrict or completely revoke user authorisation. It is irrelevant in such cases whether the violation resulted in material damages.
  2. In cases of egregious or multiple violations, users can be permanently banned from using the entire information process infrastructure as per Section 1.
  3. Violations of legal provisions or the regulations stipulated in this acceptable use policy will be weighed according to their relevance to criminal and/or civil prosecution. Significant cases will be forwarded to the appropriate legal department, which then decides if further action is necessary. The University of Augsburg’s Computer Services unit reserves the right to press charges for criminal offences as well as infractions against civil law.

Section 8 Other Regulations

  1. Certain fees may be applied to different features and elements of the information processing infrastructure.
  2. Different features and elements may require additional terms and conditions.

 

 

Disclaimer

This accepted use policy has been worded carefully to be up to date; however, errors cannot be completely excluded. The official German text available at https://www.rz.uni-augsburg.de/de/info/richtlinien/benutzungsrichtlinien/ is the version that is legally binding.