Regulations

Regulations for Use of the Information Processing Systems of the University of Bremen

Version: 18. June 2009

Preamble

The University of Bremen and its institutions ('operators' or 'system operators') operate an information and communication infrastructure (IC infrastructure) consisting of data processing equipment (computers), communication systems (networks) and additional services of information processing. The IC infrastructure is integrated into the German National Research and Education Network and accordingly, the internet.

The subsequent user rules regulate the conditions for the use of these services.

Sect. 1 Area of application

These regulations apply to the IC infrastructure provided by the University of Bremen and its institutions.

Sect. 2 Users and functions

(1) The IC infrastructure of the operator is available to the members of the University of Bremen and affiliated institutes of the University of Bremen and persons of equal status in order to fulfil their tasks in the areas of research, teaching, administration, training, further education, public relations and external presentation, as well as other functions listed in the Bremen Higher Education Act.

(2) Other persons and institutions may be permitted to use the IC infrastructure.

Sect. 3 Formal user authorisation

(1) The use of the IC resources of the operator requires an application to the responsible system operator for a formal user authorisation. Services allowing anonymous access are excluded (e.g. information services, library services, short-term guest accounts for conferences).

(2) The system operator

1. for central systems is the Centre for Networks (Zentrum für Netze);

2. for decentralised systems is the respective organisational unit (faculty, institute, operational unit or other organisational unit of the University of Bremen).

(3) The application for a formal user authorisation must contain the following information:

1. operator/institute or organisational unit where the user authorisation is applied for,

2. systems for which the user authorisation is applied for,

3. applicant: name, address, date of birth, telephone number (as well as matriculation number, if the applicant is a student) and, if applicable, affiliation to an organisational unit of the University,

4. general information on the purpose of use (e.g. research, education/training, administration),

5. declaration of consent for entries in the University's information services (e.g. LDAP),

6. a declaration that the user accepts the user rules and consents to the collection and processing of personal data.

The system operator may only request further information if this is required in order to decide on the application.

(4) The application is decided on by the responsible system operator who may make the user authorisation dependent on proof of certain knowledge regarding the use of the system.

(5) The user authorisation can be denied if

1. there is no apparent guarantee that the applicant will fulfil his/her obligations as a user;

2. the capacity of the equipment the use of which is applied for does not suffice for the intended work because of the already existing rate of utilisation;

3. the intended use does not conform to the purposes specified by sect. 2 I and sect. 4 I;

4. the equipment is clearly unsuited to the intended use or reserved for special purposes;

5. the equipment to be used is connected to a network that has to comply with special data protection requirements and no substantive reason for the intended access is apparentor

6. it is to be expected that other authorised uses will be unduly disturbed by the use applied for.

(6) The user authorisation only entitles the user to carry out work that is related to the use applied for.

Sect. 4 Obligations of users

(1) The IC resources of the operator may only be used for the purposes specified in sect. 2 para. 1. Any use for other, in particular commercial uses requires a special authorisation by the operator. This may be subject to additional conditions (e.g. fees ).

(2) The available facilities (workstations, CPU capacity, disc space, circuit capacity, peripheral equipment and expendable materials) must be used responsibly and economically. Users are to comply with the instructions of the operator's personnel. In particular, users are to refrain from any action that might be expected to impair operations and, to the best of their knowledge, avoid any action that might cause damage to the IC infrastructure or other users. Users must immediately report any system malfunction to the system operator.

(3) Users are to refrain from any misuse of the IC infrastructure. In particular, they are obligated

1. to protect the access to IC resources by a confidential password or a corresponding method;

2. to employ only user names that they have been permitted to use;

3. to ensure that unauthorised third parties cannot access IC resources, in particular by avoiding passwords that are easy to guess, by changing passwords at regular intervals and by logging out after completion of a work session;

4. to safeguard their passwords or analogous means of identification (e.g. smartcard) in order to prevent third parties from gaining access to them. Passwords or analogous means of identification must not be passed on to unauthorized third parties under any circumstances;

5. to adhere to legal regulations (copyright protection etc.) when using software, documentations or other data;

6. to inform themselves about the terms of use of software, documentations or other data, which are sometimes purchased within the framework of license agreements, and to comply with these terms;

7. in particular, to refrain from copying, passing on or using for other than the authorising purposes, especially commercial purposes, software, documentations or data, unless this has been expressly permitted;

8. to adhere to the user manuals provided by the system operator;

9. to comply with the guidelines for use and access of other system operators when communicating with their computers and networks.

(4) Without the consent of the responsible system operator, users are not allowed

1. to make any changes to hardware installations;

2. to alter the configuration of the operating systems or the network.

The authorisation to install software isregulated subject to the respective local and technical circumstances.

Sect. 5 Abuse

Users abuse the IC infrastructure if, knowingly or grossly negligently, they do not comply with relevant protective regulations (e.g. criminal law, data protection, protection of minors, copyright). The creation and propagation of pornographic images and writings as well as racist propaganda is prohibited.

Sect. 6 Data protection

Users have to obtain the approval of the system operator for any intended processing of personal data in advance. The provisions of the Data Protection Act must be observed at all times.

Sect. 7 Responsibilities, rights and duties of the system operator

(1) The issue of user authorisations is documented by the system operator. The documentation is kept for a minimum of two years after expiry of the authorisation.

(2) The system operator informs users of the identity of the contact persons providing support.

(3) The system operator takes appropriate measures contributing to the prevention or exposure of abuse. Personal user data will not be accessed for this purpose.

(4) The system operator is entitled

1. to check the security of the system and passwords at regular intervals with suitable software tools in order to protect his resources and user data from any assaults by third parties;

2. subject to consent by the data protection officer, to document and evaluate user activity (e.g. by means of login times or connection data in network traffic) for purposes of accounting, resource planning, monitoring of operations or tracing of errors and violations of regulations for use and legal provisions;

3. subject to consent by the data protection officer and in compliance with the four-eyes principle and the requirement of documentation, to inspect user files if there are concrete indications for a violation of regulations for use or criminally relevant activity or if such an inspection is required in order to ensure proper operation. The users concerned will be informed of the inspection.

4. in cases of substantiated suspicion of an offence, to employ measures for the preservation of evidence if required.

(5) The system operator is obliged to observe confidentiality.

(6) The system operator is obliged to comply with the guidelines for use and access of other system operators when communicating with their computers and networks.

Sect. 8 Liability of the system operator / exemption from liability

(1) The system operator does not warrant that the system functions will correspond to the specific requirements of the user or that the system will operate without errors or interruption. The system operator cannot warrant the intactness and confidentiality of the data stored in his system.

(2) The system operator will not be liable for damages of any kind arising from the use of IC resources by the user unless otherwise provided by mandatory statutory provisions.

Sect. 9 Consequences of abuse or illegal use

(1) Violations of statutory provisions or the provisions of these regulations for use, in particular sect. 4, 5, and 6, can result in the restriction or revocation of the user authorisation by the system operator.

(2) In the case of serious or repeated violations, a user can be permanently excluded from the use of all IC resources of the University of Bremen.

(3) In the case of violations of statutory provisions or the provisions of these regulations for use, the University of Bremen explicitly reserves the right to initiate administrative, disciplinary or penal proceedings and to pursue civil law claims.

Sect. 10 Other regulations

(1) Charges for the use of IC resources may be specified in separate regulations.

(2) Supplementary or divergent regulations for use may be established for certain systems if required.

(3) Place of jurisdiction for all disputes arising from the user agreement is Bremen.