User regulations

VERSION 26.11.2021

The regulations for the use of computers and networks at Fulda University of Applied Sciences were adopted by the Executive Board of Fulda University of Applied Sciences on 23 October 2008 and amended on 29 May 2013 and 25 November 2021. The extended user regulations come into force on 26 November 2021.

Content

Preamble

Fulda University of Applied Sciences, its departments and facilities operate an information processing and communication infrastructure (IT infrastructure) consisting of information processing systems (computer systems) and a multiservice communication network for the transmission of data, images and voice. The IT infrastructure is integrated into the global Internet.

These terms of use regulate the conditions under which the services offered by this infrastructure can be used. They

  • are based on the legally defined tasks of Fulda University of Applied Sciences and its mandate to safeguard academic freedom;

  • establish basic rules for the proper operation of the IT infrastructure;

  • points out the rights of third parties that must be observed (e.g. with regard to software licences, network operator requirements, data protection aspects);

  • obliges users to behave correctly and use the resources offered economically;

  • obliges the operators to operate the system correctly;

  • informs about possible measures in the event of violations of these user regulations;

  • regulates the details of user registration and computer operation.

The individual organisational units of Fulda University of Applied Sciences can define additional regulations for user registration and computer operation.

Top of page

§ 1 Scope

These Terms of Use apply to the IT infrastructure operated by Fulda University of Applied Sciences, consisting of information processing systems, communication systems and other auxiliary facilities.

Top of page

§ 2 User group and tasks

  • The IT resources specified in § 1 are available to members and affiliates of Fulda University of Applied Sciences for the fulfilment of their tasks in research, teaching, administration, training and further education and public relations work at the university.

  • Other persons and institutions may be authorised to use them.

Top of page

§ 3 Authorisations for use

  1. a formal user authorisation (e.g. user ID, network connection, network access) from the responsible system operator is required to use the IT resources in accordance with § 1.

  2. the use of computer-based services (e.g: e-mail address, internet access, extensive computing time or storage capacity, use of PC pools) is regulated as required in the respective user regulations of the central facilities and departments.

  3. the connection of computers to the university network can only be requested by university staff (professors, employees) via their respective system administrators. They will provide information on rights and obligations and record the required data.

  4. the system operator is

    1. the computer centre for the university network, central systems and services,

    2. for decentralised systems, an organisational unit of Fulda University of Applied Sciences (department, institute, working group, facility or other sub-unit of the university).

  5. The application for a formal user authorisation should contain the following information:

    1. system operator from whom the user authorisation is requested;

    2. systems for which the user authorisation is requested;

    3. applicant: name, address, telephone number and, if available, email address (for students additionally the matriculation number) as well as affiliation to an organisational unit of the university;

    4. information on the purpose of use, e.g. education/teaching, research, administration;

    5. information on whether personal data is processed;

    6. a declaration that the applicant recognises the current version of the user regulations and consents to the collection, processing and use of his/her own personal data for the purpose of user administration, in particular in accordance with Section 6 (5), (6) and (7) of these user regulations. The applicant is obliged to inform himself/herself about changes to the user regulations and to return his/her user authorisation if he/she does not agree to the changes.

    The system operator may only request further information if this is necessary for the decision on the application.

  6. The responsible system operator shall decide on the application. He may make the granting of user authorisation dependent on proof of certain knowledge about the use of the system.

  7. the user authorisation shall be granted if

    1. the project is compatible with the purposes according to § 2 number 1 of these user regulations;

    2. it appears to be guaranteed that the applicant will fulfil his or her obligations as a user;

    3. the system is suitable for the intended use and is not reserved for special purposes;

    4. the capacity of the system for which use is requested is sufficient for the intended work despite existing capacity utilisation;

    5. it is not to be expected that the requested use will unreasonably interfere with other authorised uses.

  8. the user authorisation only entitles the user to carry out work in connection with the requested use.

  9. the user authorisation ends upon notification by the user or if he/she leaves the group of authorised users. The Student Service Center (SSC) informs the Computer Centre of every de-registration and the Human Resources Department informs it of every departure of staff members so that the corresponding user authorisations can be blocked. The Computer Centre informs the system operators of the other organisational units of Fulda University.

top of page

§ 4 Legal integration

The IT infrastructure may only be used in a legally correct manner. Users and operators must inform themselves about the relevant provisions of the Hessian Data Protection and Freedom of Information Act (HDSIG) and other laws (see also laws/data protection). It is expressly pointed out that the following activities, among others, are punishable:

  1. spying (§ 202a StGB) and interception (§ 202b StGB) of data;

  2. preparation of spying and interception of data (§ 202c StGB).
    Note: The activities of the system administrators in accordance with Section 6 (5) to (7) of this document do not violate Section 202c, as the users have agreed to these activities when applying for user authorisation;

  3. unauthorised modification, deletion, suppression or rendering unusable of data (§ 303a StGB);

  4. computer sabotage (Section 303b StGB) and computer fraud (Section 263a StGB);

  5. the dissemination of propaganda material of unconstitutional organisations (Section 86 StGB) or racist ideas (Section 130 StGB);

  6. the distribution and possession of certain forms of pornography on the Internet (Sections 184, 184a, 184b StGB);

  7. offences of honour such as insult or defamation (§ 185ff StGB), insults to denominations, religions or world views (§ 166 StGB);

  8. copyright offences, e.g. by copying software in breach of copyright or entering protected works and distributing them via the IT infrastructure (Sections 106ff UrhG).

In some cases, even the attempt is punishable.

Top of page

§ 5 Rights and obligations of users

  1. the IT resources according to § 1 may only be used for the purposes specified in § 2 number 1 of these user regulations. Any use deviating from this may be permitted if it is minor and does not impair the purpose of the University Computer Centre or the interests of other users.

  2. central systems and services of the computer centre may be used by all members and affiliates of the university, decentralised systems may generally only be used by members and affiliates of the corresponding organisational unit.

  3. users are obliged to ensure that existing resources (e.g. workstations, CPU capacity, disk storage space, line capacity, peripheral devices and consumables) are used responsibly and economically. Users are also obliged to refrain from causing any foreseeable disruption to operations and, to the best of their knowledge, to avoid anything that could cause damage to the IT infrastructure or to other users. Infringements may give rise to claims for damages and lead to exclusion from use (see also § 8 of these user regulations). Users are also obliged to comply with the IT Security Policy of Fulda University of Applied Sciences and to implement all necessary measures for basic protection of the IT infrastructure of Fulda University of Applied Sciences.

  4. users must refrain from any kind of misuse of the IT infrastructure. In particular, they are obliged to do so:

    1. to work exclusively with user authorisations that they have been permitted to use; the passing on of user IDs (user name/password) is generally not permitted;

    2. protect the second factor for two-factor authentication and only use the factors that have been provided to you by the data centre; passing on the second factor is generally not permitted; you can find further information on two-factor authentication in the “Basic protection” document;

    3. to protect access to IT resources as far as possible, e.g. by means of a password that must be kept secret or an equivalent procedure;

    4. to take precautions to prevent unauthorised third parties from accessing IT resources; this includes, in particular, avoiding obvious passwords, changing passwords immediately if they fall into the wrong hands or if there is a suspicion that they have become known to unauthorised persons and not forgetting to log out of the system before leaving the room;

    5. not to identify or use unauthorised user IDs and passwords;

    6. not to gain unauthorised access to information of other users and not to pass on, use or change information of other users that has become known without permission;

    7. to comply with the statutory regulations (copyright protection, copyright etc.) when using software (sources, objects), documentation and other data;

    8. to inform themselves about the conditions under which the programmes, documentation or data, some of which have been acquired under licence agreements, are made available and to observe these conditions;

    9. not to copy or pass on software, documentation and data, unless expressly authorised, nor to use them for purposes other than those permitted, in particular not for commercial purposes. Infringements may give rise to claims for damages (§ 5, clause 9) and result in a restriction of the user authorisation (§ 8).

Users bear full responsibility for all actions carried out under their user ID, even if these actions are carried out by third parties to whom they have at least negligently granted access.

  1. users are prohibited from using the system without the consent of the responsible system operator

    1. to interfere with the hardware installation;

    2. to change the configuration of the operating systems, programmes or the network.

  2. users are obliged to create a record of processing activities in accordance with Article 30 GDPR before introducing and before making significant changes to a procedure in which personal data is processed. The result must be sent to the data protection officer of Fulda University of Applied Sciences. The project must also be coordinated with the respective system operator. The data protection precautions proposed by the data protection officer and the system operator must be used.

  3. Users are obliged to

    1. to observe the guidelines for use provided by the system operator;

    2. to provide the person responsible for the system with information on programmes and methods used for monitoring purposes in justified individual cases upon request (in particular in the event of justified suspicion of misuse and for troubleshooting). This regulation does not cover user data that is protected by telecommunications secrecy or data secrecy, e.g. personal files or personal data of third parties;

    3. to inform themselves about the respective local and system-related conditions and regulations before installing software and to comply with these. Students may not install any software on the computers of Fulda University of Applied Sciences or download any binary files (pre-translated programmes, libraries, etc.) from the Internet and then run them on the computers of Fulda University of Applied Sciences.

  4. users as providers of WWW information:

    1. are responsible for the content of their web pages;

    2. must indicate the imprint on every web page.

  5. Liability of the users

    1. users shall be liable for all disadvantages incurred by Fulda University of Applied Sciences as a result of misuse or unlawful use of the IT infrastructure and user authorisation or as a result of their culpable failure to comply with their obligations under these user regulations. The university may demand that misused resources and other costs be reimbursed by such users in accordance with the Fee Regulations.

    2. users are also liable for damages caused by third-party use within the scope of the access and usage options made available to them if they are responsible for this third-party use, in particular if they have passed on their user ID to third parties. In this case, the university may charge these users a fee for third-party use in accordance with the fee regulations.

    3. users shall indemnify the university against all claims if third parties assert claims against the university for damages, injunctive relief or in any other way due to abusive or unlawful behaviour on the part of the user.

Top of page

§ 5a Obligation of use for students

Upon enrolment, students receive a user ID (fd number) and an e-mail address. The university uses these exclusively to send information to its students. Students are obliged to check these e-mails regularly and to check their e-mail account regularly for incoming messages. When applying for a user ID, students are informed of their obligation to use this e-mail address.

top of page

§ 6 Tasks, rights and obligations of the system operators

  1. the system operator may maintain a user file containing the personal data of the users via the user authorisations granted. An overview of the type of information stored must be accessible to each user. The application documents for the granting of user authorisations must be kept for at least two years after the authorisation expires.

  2. the system operator is entitled to verify the identity of a person before issuing a user authorisation. The verification can be carried out on site using a photo ID or via a video conference.

  3. the system operator shall disclose the persons responsible for managing its systems. The system operator and the system administrators are obliged to maintain confidentiality.

  4. the system operator may temporarily restrict the use of its resources or temporarily block individual user IDs if this is necessary to rectify faults, for system administration and expansion or for reasons of system security and to protect user data. If possible, the affected users must be informed immediately.

  5. if there are reasonable indications that a user is making illegal content available for use on the system operator’s servers, the system operator may prevent further use until the legal situation has been sufficiently clarified.

  6. the system operator is entitled to check the security of user passwords and user data by means of regular manual or automated measures and to implement necessary protective measures, e.g. changes to easily guessable or outdated passwords, in order to protect IT resources and user data from unauthorised access by third parties. The user must be informed immediately of any necessary changes to user passwords, access authorisations to user files and other protective measures relevant to use, insofar as this is possible.

  7. The system operator is authorised to document and evaluate the use of the data processing systems by the individual users for the following purposes:

    1. to ensure proper system operation,

    2. for resource planning and system administration,

    3. to protect the personal data of other users,

    4. for billing purposes,

    5. for the detection and elimination of faults and

    6. for the clarification and prevention of unlawful or improper use.

The system operator keeps an overview of the data collected for these purposes, which can be viewed by every user.

  1. for the purposes listed under section 6, the system operator is also authorised to inspect the user files insofar as this is necessary to eliminate current faults or to clarify and prevent violations of the user regulations and there are actual indications of this. Data secrecy and the dual control principle must be observed.

    However, inspection of the message and e-mail mailboxes is only permitted if this is essential to rectify current disruptions in the message service. In any case, the inspection must be documented and the person concerned must be informed immediately after the purpose has been achieved. In the event of substantiated indications of criminal offences, the system operator shall act in consultation with the university management in consultation with the competent authorities and, if necessary, shall take measures to preserve evidence.

  2. system operators who offer users independent homepages on the WWW_Server_ for publication on the Internet are authorised to automatically generate an imprint on these pages, which contains the full name and e-mail address of the author.

    The logging of connection data (e.g. access to the database of a WWW_Server_) may not contain any personal data.

  3. in accordance with the statutory provisions, the system operator is obliged to maintain telecommunications and data secrecy.

Top of page

§ 7 Liability of the System Operator/Disclaimer

  1. the system operator does not guarantee that the system functions will meet the user’s specific requirements or that the system will run error-free and without interruption. The system operator cannot guarantee the integrity (in terms of destruction, manipulation) and confidentiality of the data stored by the system operator.

  2. the system operator shall not be liable for damages of any kind incurred by users from the utilisation of IT resources in accordance with § 1 of these user regulations, unless otherwise stipulated by law.

Top of page

§ 8 Consequences of improper or unlawful use

In the event of violations of legal regulations or of the provisions of these user regulations, in particular § 5 (Rights and obligations of users), the system operator may restrict the right of use. It is irrelevant whether the offence has resulted in material damage or not. Measures to withdraw or restrict user authorisation, which are decided on by the head of the facility, should only be taken after a prior unsuccessful warning. The person concerned must be given the opportunity to comment.

Top of page

§ 9 Other regulations

  1. charges or fees may be set for the use of IT resources. The fee schedule of the respective system operator shall apply.

  2. supplementary or deviating rules of use may be defined for individual systems as required.

  3. the responsible university body shall decide on amendments to these terms of use. The computer centre and the other system operators must be given the opportunity to comment beforehand.

top of page