Guidelines for Use
Guidelines for Use for Information Processing Systems at Technische Hochschule Ingolstadt (IP-GL/THI)
Technische Hochschule Ingolstadt ("Operator") operates an information processing infrastructure (IP infrastructure; cf. § 1). The IP infrastructure is integrated into the German science network and thus into the worldwide Internet.
The Guidelines for Use
- are based on the statutory tasks of universities and on their mandate to preserve academic freedom,
- establish basic rules for a proper operation of the IP infrastructure,
- indicate the rights of third parties to be protected (e.g. software licences, requirements of the network operator, data protection aspects),
- commit the user to behave correctly and to use the offered resources economically,
- explain any measures taken by the operator in the event of violations of the regulations for use.
§ 1 Scope
The present Guidelines for Use shall apply to the IP infrastructure consisting of data processing systems (computers), communications systems (networks) and other aids to information processing that are kept ready for purposes of information processing at Technische Hochschule Ingolstadt within the framework of the tasks assigned to universities (cf. Art. 2 Bavarian University and College Act - BayHSchG -).
§ 2 Users
- The IP resources referred to in § 1 shall be at the disposal of the members of Technische Hochschule Ingolstadt for the fulfilment of their tasks in the areas of research, teaching, administration, education and further education, public relations work and the external image of universities and for other tasks described in Art. 2 BayHSchG.
- Use may be granted to other persons, in particular members of other universities, organisations and institutions.
§ 3 Formal authorisation
- Anyone who wants to use IP resources under § 1 requires a formal authorisation from the responsible system operator. Excepted from this are services that are set up for anonymous access (e.g. information services, library services, short-term guest account at conferences).
- The system operators are
a) the computer centre for central systems,
b) the relevant competent organisational unit (university management, university administration, departments, central institutions of Technische Hochschule Ingolstadt) for decentralised systems.
- The application for a formal authorisation must contain the following information:
a) operator or organisational unit, to which the application for authorisation is made (cf. § 3 Section 2 b)),
b) systems for which the application for authorisation is made,
c) applicant, username, address, telephone number (also matriculation number for students), membership of an organisational unit of Technische Hochschule Ingolstadt, if applicable,
d) approximate information on the purpose of the use (e.g. education/teaching, administrative activities, written assignment/diploma thesis, public relations work, research),
e) entries for information services of Technische Hochschule Ingolstadt (e.g. information server WWW),
f) the explanation that the user acknowledges the Guidelines for Use and consents to the collection and processing of personal data pursuant to § 5 Section 4.
The system operator may only demand additional information if it is necessary for making a decision about the application.
- The competent system operator shall make the decision about the application. It may make the granting of the authorisation dependent on proof of a particular level of competence in using the system. The authorisation may be granted for a fixed term or an unlimited term and shall always end with the end of the membership of Technische Hochschule Ingolstadt, at the latest.
- The authorisation may be refused if
a) it does not appear to be guaranteed that the applicant will comply with its obligations as a user,
b) the capacity of the system, the use of which is the subject of the application, is not sufficient for the intended work because of an existing utilisation,
c) the plan is not compatible with the purposes pursuant to § 2 Section 1 and § 4 Section 1,
d) the system is obviously unsuitable for the intended use or reserved for specific purposes,
e) the system to be used is connected to a network that has to satisfy particular data protection requirements and no objective reason for this desire for access is apparent;
f) it is to be expected that other legitimate uses are unduly disturbed by the applied for use.
- The authorisation only authorises work that is connected to the applied for use.
§ 4 User's obligations
- The IP obligations pursuant to § 1 may only be used for the purposes specified in § 2 Section 1. A use for other purposes, in particular for private or commercial purposes, may only be permitted on application and for a fee.
The user is obliged,
a) to ensure that he/she uses the available resources (workstations, CPU capacity, disc storage space, transmission capacities, peripheral devices and expendable items) responsibly, in an economically viable way, and observing other regulations, if applicable.
b) to avoid disturbances to the operation, as far as they are foreseeable, and to prevent everything, to the best of his/her ability, that may cause damage to the IP infrastructure or for other users.
c) to avoid any kind of misuse of the IP infrastructure.
d) to work exclusively with user IDs which he/she is permitted to use; the passing on of user IDs and passwords is not permitted.
e) to protect access to the IP resources with a secret password or an equivalent procedure.
f) to take precautions to prevent unauthorised third parties from accessing the IP resources (cf. § 1); this includes, in particular, avoiding basic, obvious passwords, changing the passwords frequently and not forgetting to log out.
g) in communication with computers of other operators, to observe their user and access guidelines closely.
h) not to use any other software than that provided or released for use by the system operators.
i) to observe the legal requirements in the event of the use of software (sources, objects), documentation and other data (penal law, copyright).
j) to gather information about the conditions under which the software that was partly acquired within the framework of licence agreements, documentation or data is provided and to observe these conditions.
k) not to copy or pass on software, documentation and data, in particular, unless this is expressly permitted, not to use it for purposes other than those permitted, especially not for private or commercial purposes.
The user shall bear full responsibility for all actions that are taken using its user ID, including if these actions are taken by third parties to whom it has allowed access, at least by negligence. The same applies to the effects of the programs that he/she runs; the user must be adequately informed about the effects in advance. Contraventions may give grounds for claims for compensation (cf. § 7).
- The IP infrastructure may, of course, only be used in a legally correct manner. Reference is expressly made to the fact that the following types of conduct, in particular, are criminal offences in accordance with the German Penal Code (StGB):
a) data espionage (§ 202 q StGB),
b) the unauthorised changing, deletion, suppression or disabling of data (§ 303 a StGB),
c) computer sabotage (§ 303 b StGB) and computer fraud (§ 263 a StGB),
d) the distribution of propaganda materials of unconstitutional organisations (Section 86 StGB) or racist ideas (§ 130 StGB),
e) the distribution of certain forms of pornography on the Internet (§ 184 (3) StGB),
f) the calling up or possession of documents containing child pornography (§ 184 (5) StGB),
g) defamation such as libel or slander (§§ 185 ff. StGB).
Technische Hochschule Ingolstadt reserves the right to instigate criminal proceedings and assert claims under civil law (§ 7).
- The user is prohibited, without the consent of the competent system operator, from
a) carrying out interventions in the installation of hardware,
b) changing the configuration of the operating system or the network,
c) installing software other than that provided.
- The user is obliged to agree a plan for processing personal data with the system operator before the start. The obligations that arise from provisions of the German Data Protection Act shall not be affected by this.
- The user is prohibited from taking note of and/or making use of messages destined for other users.
- The user is obliged to
a) observe the guides provided by the system operator (e.g. guides for the use of networks and regarding ethical and legal issues of software use),
b) in communication with computers of other operators, to adhere to their user and access guidelines.
§ 5 Tasks, rights and obligations of the system operators
- Every system operator shall keep some documentation about the authorisations granted and the assignment of resources (privileges, resources). The documents must be stored for at least two years after the end of the authorisation.
- The system operator shall notify the contacts for the support of its users.
- The system operator shall contribute appropriately, particularly in the form of regular spot checks, to the prevention or detection of misuse.
- The system operator is entitled
a) to regularly review the security of the system and passwords with software tools, in order to protect its resources and the data of the users from attacks by third parties;
b) to document and evaluate the activities of the users (e.g. by the log-in times or the connection data in the network traffic), insofar as this serves the purposes of billing, resource planning, monitoring of the operation or the tracking of faults and violations of the Guidelines of Use and the legal requirements;
c) to view user files, observing the record keeping obligation, insofar as it is unavoidable for the maintenance of a proper operation or, in the event of the suspicion of misuses (such as the culpable distribution or storage of information), for the prevention of these;
d) to use measures for the preservation of evidence, if necessary, in the event that the suspicion of criminal offences is corroborated.
- The system operator is obliged to maintain confidentiality.
- Before agreeing to the installation of third-party software desired by the user, the system operator must check whether it is unobjectionable with regard to the system protection; it must obtain the user's written assurance that the user is authorised to use the software, with regard to the property rights.
- The system operator is obliged, in communication with computers and networks of other operators, to adhere to their user and access guidelines.
§ 6 Liability of the system operator/exclusion of liability
- The system operator does not guarantee that the system functions meet the specific requirements of the user or that the system is fault-free and runs without interruption. The system operator may not guarantee the integrity (with regard to destruction, manipulation) and the confidentiality of the data stored in it.
- The system operator shall not be liable for damages of any kind whatever that arise for the user from the use of IP resources pursuant to § 1; excepted is the deliberate conduct of the system operator or its vicarious agents.
§ 7 Consequences of a misuse or illegal use
- In the event of infringements of legal requirements or the provisions of the present Guidelines of Use (cf. § 4), in particular in the case of
a) the misuse of IP resources (cf. § 1) for purposes other than the permitted purposes,
b) the discovery of third-party passwords,
c) attempts to hack into third-party systems, databases or computer networks,
d) the infringement of copyrights,
the system operator may limit the authorisation or remove it altogether, as long as a proper use by the user does not appear to be guaranteed. It makes little difference whether the infringement resulted in a material damage or not.
- Infringements of legal requirements or of the provisions of the present Guidelines for Use shall be checked for their relevance to criminal law and for civil law claims. The system operators are obliged to hand over any information that seems important to the Chancellor of Technische Hochschule Ingolstadt for a legal scrutiny and, if applicable, for the instigation of appropriate further measures.
§ 8 Miscellaneous provisions
- Fees may be established for the use of IP resources in separate statutes.
§ 9 Entry into force
The Guidelines for Use shall enter into force after a resolution in the Senate on 15th July 1998.