Regulation

Regulations for the Use of the University of Bremen’s Data Processing Systems

Entry into force 18 June 2009

Preamble

Die University of Bremen and its institutions (“administrator” or “system operators”) maintain an information and communications infrastructure (ICT infrastructure) comprising data processing facilities (computers), communication systems (networks), and various support facilities for data processing. The ICT infrastructure is integrated in the German research network and hence in the Internet.
The following conditions regulate the use of the services provided within the aforementioned context.

Article 1 Scope

These Regulations encompass the use of the ICT infrastructure maintained by the University of Bremen and its institutions.

Article 2 Users, user groups, and usage

  1. Access to the ICT infrastructure maintained by the operator is open to members of the University of Bremen, its affiliated institutes, and other like persons and institutions within the context of activities concerned with research, teaching, administration, training and further education, public relations and communications, external presentation, as well as other tasks as may be described in the Bremen legislation governing higher education (Bremer Hochschulgesetz).
  2. Persons and institutions other than the aforementioned may from time to time also be granted access.


Article 3 Formal Authorization for Use

  1. Prerequisite to be granted permission to use the ICT resources maintained by the operator is a formal user authorization issued by the respective system operator. Services provided for anonymous access (e.g. information services, library services, short-term user IDs during conferences) constitute an exception to this rule.
  2. The system operators are:
    1. For central systems, the Zentrum für Netze [Center for networks];
    2. For decentralized systems, the respective organizational unit (Faculty, institute, operating or organizational unit of the University of Bremen).
  3. Applications for formal user authorizations are to include the following details:
    1. Operator/institute or organizational unit to which the application for formal user authorization is addressed,
    2. The systems to which the user authorization shall apply,
    3. Details of applicant: Name, address, date of birth, telephone number (students must also provide their enrollment number) and, if applicable, the organizational unit of the University of Bremen to which they belong,
    4. Brief description intended purpose of use, e.g. research, training/ teaching, administration),
    5. Statement of consent to be listed in the University of Bremen’s information services (e.g. LDAP),
    6. A statement to the effect that the user accepts to be bound by the conditions of the present Regulations and agrees to respective personal data being saved and processed.

      The system operator shall only be entitled to request additional information in the event that such information may be absolutely necessary for processing the application.

  4. Applications shall be processed by the respective system operator. The decision to grant permission for use may be made dependent on providing evidence of the user’s competency to use the facility.
  5. The issuing of an authorization to use the ICT facilities may be refused in the event that
    1. there is reason to believe the applicant may not be able to fulfill the accordant user obligations;
    2. the capacity of the facility in question is already utilized to an extent that no longer permits further utilization for the purpose intended;
    3. the proposed use is not compatible with the provisions of Article 2 I and Article 4 I;
    4. the facility is clearly not suitable for the proposed use or is reserved for another specific use;
    5. the facility in question is connected with a network that calls for complying with particular data protection requirements and there appears to be no substantiated reason for access or
    6. it is to be expected that the use applied for may unreasonably interfere with other authorized usage.
  6. The user authorization shall solely refer to activities that have a direct connection with the proposed use stated in the application.


Article 4 User Obligations

  1. The ICT resources maintained by the operator may only be used in connection with the purposes listed Article 2 Section1. The use for any other purposes, in particular for commercial use, shall be subject to special approval on the part of the operator. Such approval may be attached to additional conditions (e.g. fees).
  2. Users are to ensure that the facilities provided (work stations, CPU capacity, memory, capacitance, peripheral equipment and consumables) are used properly and economically and in accordance with instructions given by the operator’s staff. In particular, users must not do anything that may knowingly interfere with the efficiency of the system’s operation and will do their utmost to prevent the ICT infrastructure or other users from suffering damage. Users are to report forthwith any disturbances to the system operator.
  3. Users are not to misuse the ICT infrastructure in any way whatsoever. In particular, they must,
    1. protect unauthorized access to the ICT resources by using a password or similar means that is to be kept secret;
    2. only work with user IDs that have been authorized;
    3. take steps to prevent use of the ICT resources by unauthorized persons; in this respect they shall avoid using passwords that may be easy to guess, change their password at suitable time intervals, and log out on completing work sessions;
    4. keep any record of their password or analogue means of identification (e.g. smartcard) in a safe place where it cannot be seen, passed on or accessed by unauthorized persons;
    5. when using software, documentations and other data always adhere to legal prerequisites (copyright law etc.);
    6. keep themselves informed about software, documentations or data that may be partially subject to license agreements and respect any such agreements;
    7. in particular, unless expressly authorized to do so,  not reproduce or make copies of any software, documentation or data or to pass such on to others, especially not for commercial purposes;
    8. follow the guidelines placed at their disposal by the operator;
    9. when communicating with computers and networks run by other operators also adhere to their rules of access.
  4. Without the express consent of the respective operator the user shall not
    1. attempt to install any hardware;
    2. make any change to the configuration of the operating system or network.

     

The authorization to install software is subject to special rules depending on the respective spatial and technical circumstances.

Article 5 Misuse

It shall be considered a misuse should the user either knowingly or gross negligently make use of the ICT infrastructure in a manner that contravenes the law (e.g. penal law, data protection law, youth protection law, copyright law). It is strictly forbidden to view, download or distribute pornographic images or scripts or racist propaganda.

Article 6 Data Protection

Prior to commencement of use, the user undertakes to arrange with the operator to provide and consent to the processing of personal data. In all events the provisions of the law on data protection shall apply.

Article 7 Operator’s Duties, Rights and Obligations

  1. The system operator shall maintain a log of the user rights granted. These documents are to be kept for at least two years following expiration of the respective authorization.
  2. The system operator shall provide the user with the names of persons to contact should the need arise.
  3. The system operator shall contribute in an appropriate manner towards helping to prevent or discover misuse on the part of the user. This shall not involve accessing the user’s personal data.
  4. The system operator may,
    1. Carry out regular checks for the security of system and password with suitable software tools in order to protect resources and user data from attacks by third persons;
    2. In consultation with the respective data protection officer document and evaluate the user’s activities (e.g. by means of log-in times or linked data in network traffic), always provided this is with the purpose of invoicing, resource planning, supervision of operations, or tracing errors and breaches of law or against the present Regulations;
    3. In consultation with the respective data protection officer and in accordance with a four-eye principle and necessity of keeping a record have access to user files in the event there is cause to believe there has been a breach of these Regulations or an instance of unlawful activities or when it may become necessary to ensure the smooth operation of the facilities. The user shall be informed of any such intervention.
    4. Initiate measures to procure evidence in the event that there is proof of unlawful usage.
  5. The system operator undertakes to handle any intervention in the strictest confidence.
  6. The system operator undertakes to observe the user and access when trafficking with the computers and networks of other operators.


Article 8 System Operators Liability/Liability Disclaimer

  1. The system operator can give no guarantee that the system functions comply with the user’s specific needs or requirements or that the system shall always function smoothly and without interruption. The system operator can accept no responsibility for the integrity and confidentiality of any data saved.
  2. The system operator shall not be held liable for any damage – howsoever caused – that the user may incur through the use of the ICT resources in question, to the extent that this may be allowed within the context of valid law.


Article 9 Consequences of Misuse or Illegal Usage

  1. In the event of breaches of legal regulations or violations of the conditions contained in these Regulations, in particular those mentioned in Articles 4, 5 and 6, the system operator shall be entitled to restrict or cancel the user’s authorization.
  2. In the event of serious or repeated violations the user can be permanently excluded from the use of all the University of Bremen’s ICT resources.
  3. In the event of breaches of existing law or violations of the conditions contained in these Regulations the University of Bremen expressly reserves the right to initiate regulatory, labor law or penal steps as well as claims under civil law.


Article 10 Miscellaneous

  1. It shall be possible within the context of a separate agreement to charge fees for the use of ICT resources.
  2. It shall be possible to determine complementary or other regulations of use for specific systems.
  3. Place of jurisdiction for all disputes arising from these Regulations for the use of the University of Bremen’s Data Processing Systems is Bremen.