IT Security Guideline (IT-SR)

VERSION 23.10.2008

VERSION 23.10.2008

The IT Security Guideline (IT-SR) was adopted on 23 October 2008 by the Presidential Board of Fulda University of Applied Sciences and has been in force since then.

Content

  1. Overview
  2. Introduction
  3. Promoting security awareness
  4. Minimum standards for the operation of a computer
  5. Minimum standards for the operation of a network
  6. Use contrary to the rules
  7. Consequences of non-compliance with the IT security policy

1. overview

Fulda University of Applied Sciences expects users of the university’s computers and networks to and networks of the university to use them responsibly. responsible behaviour when using them. In response to violations violations of the security guidelines or legal provisions Fulda University of Applied Sciences and its organisational units are entitled to withdraw access authorisations from users temporarily or permanently, delete data from Fulda University of Applied Sciences computers if necessary Fulda University of Applied Sciences and to remove computers from the network. In the event of ambiguities or in cases of dispute, the IT Security Officer of Fulda University of Applied Sciences and, in the second instance, the the head of the university’s computer centre decides on such measures. measures.

Based on the User Regulations for Computers and Networks at Fulda University of Applied Sciences, this guideline details the general rules for the use and operation of computers and networks with regard to IT security. If you notice a security-relevant event, please report it. You will find instructions in the document “Report IT security incident”.

1.A Reason

Fulda University of Applied Sciences would like to enable all users to work efficiently and undisturbed. Therefore the IT security guideline contains a list of prohibited behaviours prohibited behaviour (improper use), **which every user can demand to refrain from to protect themselves from harassment and threats and to protect the University of Fulda and its organisational units from damage and legal consequences. legal consequences. In order to ensure flawless operation operation, the IT security guideline defines standards for the security of computers, networks and data. These These are minimum requirements. The organisational units organisational units of Fulda University of Applied Sciences can stricter rules in writing for their area of responsibility.

1.B Scope of validity

The IT Security Policy is binding for all members of members of Fulda University of Applied Sciences and persons who are authorised by the use of computers and networks at Fulda University of Applied Sciences. Fulda University of Applied Sciences.

In addition, it forms the basis for reactions to all security-related incidents from outside.

1.C Version

Version 1.0 from 23 September 2008

At this point, revisions to the document are noted with a brief document with a brief summary of the changes. The guideline should be reviewed regularly (e.g. every two years) to ensure that it is be reviewed. Serious changes to the technologies used technologies used or of an organisational nature can organisational changes may result in short-term revisions.

Top of page

2. introduction

The use of computers and networks has become an everyday routine for members of the members of Fulda University of Applied Sciences. When use, it facilitates many activities and activities and some work would be inconceivable without the use of would be unthinkable without the use of computers. Negligent or even unlawful use use, on the other hand, can infringe the rights of other users. rights of other users. Fulda University of Applied Sciences therefore requires all users to careful and responsible and responsible behaviour when using computers and networks.

In principle, within the framework of the legal provisions the discretion of each individual user or the discretion of the departments or the discretion of the departments and facilities of Fulda University of Applied Sciences as to the manner in which computers and networks are used. This practised approach of maximum openness has proved its worth over the years and should be maintained. However, the experience of recent years has made it clear that there must be a generally recognised consensus which irregular use is not accepted, which [minimum standards for is not accepted, which minimum standards for the operation of a computer or a network are binding and which consequences are drawn in the event of non-compliance with the guideline.

The purpose of the IT security guideline is to formalise these topics formalise these topics and to provide all users with a uniform basis basis on which to decide which use is compliant and which measures compliant and which measures are to be taken.

Due to maximum openness, misuse cannot be ruled out a priori. be ruled out a priori. The IT security guideline is intended to to accelerate the detection of security problems in order to minimise the damage minimise the damage to each individual and to Fulda University of Applied Sciences. It is intended to serve as a guideline for one’s own actions and for judgement of the actions of others. This also reduces the probability that violations will remain without consequences.

Fulda University of Applied Sciences relies on users to report security problems to the users report security problems to the computer centre and their their responsible IT security officers (contact persons of the organisational units and the system administrators to report security problems to the computer centre. system administrators rectify recognised deficiencies in their area of responsibility themselves. The complete list of contact addresses is updated regularly.

Top of page

3. promotion of safety awareness

The following measures are intended to promote safety.

3.A Users

  • Users should keep themselves informed about changes to the to the security policy.

  • Necessary actions due to a change in the security security guideline must be carried out immediately.

  • Violations or suspected violations of the the security guideline must be reported immediately to the responsible IT security officer immediately.

  • Regular participation in training on the topic of IT security is recommended.

3.B Administrators

  • All of the above measures for users and additionally

  • Informing users about security-related incidents security-relevant incidents, threats, etc.

  • Training users, in particular on relevant topics for maintaining and increasing IT security (also for new users).

  • Providing information about vulnerabilities and threats in the software used.

Top of page

4. minimum standards for the operation of a computer

In order to ensure the proper operation of a computer or an active active network component, at least the following requirements must be met. In addition the applicable security measures of the data centre must be observed.

  1. the system must be professionally installed.
  2. . The necessary security patches or upgrades must be installed promptly.
  3. if a system does not have suitable protection mechanisms, it must be protected on the network side, e.g. by a firewall.
  4. user accesses that are no longer used must be removed.
  5. passwords must be changed immediately if they have fallen into unauthorised hands or there is a suspicion that they have become known to unauthorised persons and secure passwords or stronger authentication authentication methods (e.g. public key) must be used. must be used.
  6. passwords may not be sent in plain text across the the boundaries of the university network and should also not be within the university network in plain text if possible. transmitted in plain text.
  7. passwords should never be stored on the hard drive to avoid entering them in a programme.
  8. if a procedure is introduced or significantly changed, in which personal data is processed, a [record of processing activities pursuant to record of processing activities pursuant to Article 30 GDPR must be drawn up beforehand. The result must be sent to the data protection officer of Fulda University of Applied Sciences.

If a user of a computer becomes aware of security security deficiencies, he or she is obligated to report the deficiencies to the person responsible for system administration. responsible for system administration or, if he or she does not know the person person, the IT security officer of the organisational unit. organisational unit. The IT security officer is obliged obliged to report information known or made known to him or her about security deficiencies of a computer to the person person responsible for system administration. This person in turn is obliged to take appropriate countermeasures. take appropriate countermeasures.

Top of page

5. minimum standards for the operation of a network

A network operation within the meaning of this guideline exists if dedicated network hardware (e.g. router) is operated or network services are offered at the logical level, such as NAT gateways, DNS or DHCP servers.

  1. at least one responsible person must be named for each area (subnet, IP area, DNS domain) at least one responsible person must be named for each area (preferably several persons, so that in the event of errors or security incidents responsible person can always be contacted in the event of errors or security incidents) who is also technically capable of carrying out emergency measures.

  2. access to the network must not be uncontrolled. The access to the network must be either physical (closed room) or administratively regulated by access lists, VPN access or similar. be regulated.

  3. if IP addresses are assigned, it must be possible to trace who or which device had an IP address at a certain time. time.

  4. the locations of all components in the network, including those of the of the connected computers, must be known to the responsible persons must be known.

  5. the names and / or addresses of the network components (including the computers) should be visible on the be visible on the outside of the device.

Top of page

6. improper use

The rule violations defined in the security guideline are categorised into the following four areas. Behaviour sanctioned under criminal law sanctioned behaviour is always against the rules.

6.A Use of electronic communication to attack individuals or groups of individuals

(A1) Disseminating or circulating information that insults or degrades individuals (e.g. on the basis of their skin colour, nationality, religion, gender, political opinions or sexual orientation).
A2)
A3) Multiple unsolicited sending of messages.

6.B Use of electronic communications to obstruct the work of others

B1) Obstructing the work of others (e.g. through mail bombs and similar techniques).
B2) Appropriation of resources beyond what is authorised (e.g. extreme data traffic).
B3) Sending electronic mass mailings (e.g. SPAM e-mails). Exception: distribution of official messages in analogy to internal mail.
B4) Forwarding or circulating electronic chain letters.
B5) Unauthorised manipulation of electronic data of others.
B6) Accessing third party data without their permission.

6.C Offences against licence agreements or other contractual provisions

C1) The use, copying and distribution of copyrighted material in contravention of the Copyright Act, the Statutes of Fulda University of Applied Sciences for Safeguarding Good Scientific Practice, licence agreements or other contractual provisions on computers of Fulda University of Applied Sciences or the transport of these documents via networks of Fulda University of Applied Sciences.
C2) Infringement of copyright by falsification of electronic documents.
C3) Passing on access authorisations to third parties (e.g. accounts, passwords, Fulda University chip cards)

6.D Use of electronic communication for attacks against computers, the network or services provided on it

The following violations must be reported to the respective IT security officer of the organisational unit and of Fulda University of Applied Sciences!

D1) Systematic investigation of servers and services (e.g. port scans). Exception: Security tests after consultation with the person responsible for system administration.
D2) Unauthorised appropriation of access authorisations or attempts to do so (e.g. cracking). Exception: security tests after consultation with the person responsible for system administration.
D3) Damage to or disruption of electronic services (e.g. denial of service attacks).
D4) Intentional dissemination or circulation of malicious programmes (e.g. viruses, worms, Trojan horses).
D5) Spying on passwords or attempting to spy on them (e.g. password sniffer).
D6) Unauthorised manipulation or falsification of identity information (e.g. email headers, electronic directories, IP spoofing, etc.).
D7) Exploitation of recognised security flaws or administrative deficiencies.

Top of page

7. consequences of non-compliance with the security policy

Experience has shown that most violations result from result from ignorance of the security guideline or technical inadequacy. In such cases, it will be sufficient if the perpetrator is informed about the violation of the violation of the security guideline of the Fulda University of Applied Sciences and demanded to refrain from further violations is demanded. In the event of breaches of licence agreements, the deletion of the corresponding data on the affected computers. If it can be assumed that recognised violations will also affect other departments, institutions or organisations (including those outside Fulda University of Applied Sciences) Fulda University of Applied Sciences, the responsible persons concerned and possibly the Fulda University Computer Centre must be informed (e.g. Blocking a user who also has access authorisations on other computers access authorisations on other computers).

If the direct request is unsuccessful or the identity of the identity of the perpetrator cannot be determined, the computer centre cannot be determined, the computer centre of Fulda University of Applied Sciences should be involved in solving the problem. Contact with the computer centre should best be centre via the e-mail address provided for this purpose. provided for this purpose.

In addition to the description of the problem, it should always be explicitly stated which point of the security policy has been violated. has been violated. In case of disagreement about the correctness of the complaint the IT security officer of Fulda University of Applied Sciences and, in the second instance second instance, the head of the computer centre.

7.A Measures taken by the computer centre

  1. the data centre will ask the person responsible for the network or computer responsible for the network or computer to stop rule violations, if necessary, block the access authorisation of the perpetrator. block the access authorisation of the perpetrator and, in the event of breaches of licence agreements information concerned from the computers in the event of breaches of licence agreements.

  2. the computer centre carries out regular checks on aspects of the IT security policy. If violations of the policy are detected (e.g. due to the activities of installed malware), the data centre reserves the the computer centre reserves the right to contact the user by telephone and and deactivate the user account. Activation of the account is only possible on site after prior consultation.

  3. if the person responsible cannot be contacted or is unable or unwilling to able or unwilling to prevent such violations, the computer centre is the computer centre is obliged to inform the next higher authority (e.g. the dean) of the grievances and to instruct him or her to rectify them. and request that he or she rectify them.

  4. if the measure in point 2 is also unsuccessful, the computer centre is computer centre is entitled to remove the computer in question from the network from the network or to block the services concerned or, if necessary, an entire subnetwork. block.

  5. if circumstances so require (imminent danger), the data centre can also carry out blocks without consulting the the respective person responsible. The data centre is obliged in such data centre is obliged in such cases to inform the data possible) and the next higher authority immediately afterwards about the measures taken.

  6. incidents that are relevant under criminal law, e.g. due to possible claims for compensation for damages, damage, must always be forwarded to the President of Fulda University of Applied Sciences.

  7. in addition, the perpetrator may be required to provide written acknowledgement of the IT Security Policy. may be requested.

7.B Measures taken by the University, State and City Library (HLSB)

The measures taken by the University, State and City Library are set out in the “User Regulations of the Fulda University of Applied Sciences Sciences for the University, State and City Library (HLB) of 28 March 2019” in "§ 22 Exclusion from use".

Top of page

Oct 16, 2025

Subsections of IT Security Guideline (IT-SR)

User regulations

VERSION 26.11.2021

The regulations for the use of computers and networks at Fulda University of Applied Sciences were adopted by the Executive Board of Fulda University of Applied Sciences on 23 October 2008 and amended on 29 May 2013 and 25 November 2021. The extended user regulations come into force on 26 November 2021.

Content

Preamble

Fulda University of Applied Sciences, its departments and facilities operate an information processing and communication infrastructure (IT infrastructure) consisting of information processing systems (computer systems) and a multiservice communication network for the transmission of data, images and voice. The IT infrastructure is integrated into the global Internet.

These terms of use regulate the conditions under which the services offered by this infrastructure can be used. They

  • are based on the legally defined tasks of Fulda University of Applied Sciences and its mandate to safeguard academic freedom;

  • establish basic rules for the proper operation of the IT infrastructure;

  • points out the rights of third parties that must be observed (e.g. with regard to software licences, network operator requirements, data protection aspects);

  • obliges users to behave correctly and use the resources offered economically;

  • obliges the operators to operate the system correctly;

  • informs about possible measures in the event of violations of these user regulations;

  • regulates the details of user registration and computer operation.

The individual organisational units of Fulda University of Applied Sciences can define additional regulations for user registration and computer operation.

Top of page

§ 1 Scope

These Terms of Use apply to the IT infrastructure operated by Fulda University of Applied Sciences, consisting of information processing systems, communication systems and other auxiliary facilities.

Top of page

§ 2 User group and tasks

  • The IT resources specified in § 1 are available to members and affiliates of Fulda University of Applied Sciences for the fulfilment of their tasks in research, teaching, administration, training and further education and public relations work at the university.

  • Other persons and institutions may be authorised to use them.

Top of page

§ 3 Authorisations for use

  1. a formal user authorisation (e.g. user ID, network connection, network access) from the responsible system operator is required to use the IT resources in accordance with § 1.

  2. the use of computer-based services (e.g: e-mail address, internet access, extensive computing time or storage capacity, use of PC pools) is regulated as required in the respective user regulations of the central facilities and departments.

  3. the connection of computers to the university network can only be requested by university staff (professors, employees) via their respective system administrators. They will provide information on rights and obligations and record the required data.

  4. the system operator is

    1. the computer centre for the university network, central systems and services,

    2. for decentralised systems, an organisational unit of Fulda University of Applied Sciences (department, institute, working group, facility or other sub-unit of the university).

  5. The application for a formal user authorisation should contain the following information:

    1. system operator from whom the user authorisation is requested;

    2. systems for which the user authorisation is requested;

    3. applicant: name, address, telephone number and, if available, email address (for students additionally the matriculation number) as well as affiliation to an organisational unit of the university;

    4. information on the purpose of use, e.g. education/teaching, research, administration;

    5. information on whether personal data is processed;

    6. a declaration that the applicant recognises the current version of the user regulations and consents to the collection, processing and use of his/her own personal data for the purpose of user administration, in particular in accordance with Section 6 (5), (6) and (7) of these user regulations. The applicant is obliged to inform himself/herself about changes to the user regulations and to return his/her user authorisation if he/she does not agree to the changes.

    The system operator may only request further information if this is necessary for the decision on the application.

  6. The responsible system operator shall decide on the application. He may make the granting of user authorisation dependent on proof of certain knowledge about the use of the system.

  7. the user authorisation shall be granted if

    1. the project is compatible with the purposes according to § 2 number 1 of these user regulations;

    2. it appears to be guaranteed that the applicant will fulfil his or her obligations as a user;

    3. the system is suitable for the intended use and is not reserved for special purposes;

    4. the capacity of the system for which use is requested is sufficient for the intended work despite existing capacity utilisation;

    5. it is not to be expected that the requested use will unreasonably interfere with other authorised uses.

  8. the user authorisation only entitles the user to carry out work in connection with the requested use.

  9. the user authorisation ends upon notification by the user or if he/she leaves the group of authorised users. The Student Service Center (SSC) informs the Computer Centre of every de-registration and the Human Resources Department informs it of every departure of staff members so that the corresponding user authorisations can be blocked. The Computer Centre informs the system operators of the other organisational units of Fulda University.

top of page

§ 4 Legal integration

The IT infrastructure may only be used in a legally correct manner. Users and operators must inform themselves about the relevant provisions of the Hessian Data Protection and Freedom of Information Act (HDSIG) and other laws (see also laws/data protection). It is expressly pointed out that the following activities, among others, are punishable:

  1. spying (§ 202a StGB) and interception (§ 202b StGB) of data;

  2. preparation of spying and interception of data (§ 202c StGB).
    Note: The activities of the system administrators in accordance with Section 6 (5) to (7) of this document do not violate Section 202c, as the users have agreed to these activities when applying for user authorisation;

  3. unauthorised modification, deletion, suppression or rendering unusable of data (§ 303a StGB);

  4. computer sabotage (Section 303b StGB) and computer fraud (Section 263a StGB);

  5. the dissemination of propaganda material of unconstitutional organisations (Section 86 StGB) or racist ideas (Section 130 StGB);

  6. the distribution and possession of certain forms of pornography on the Internet (Sections 184, 184a, 184b StGB);

  7. offences of honour such as insult or defamation (§ 185ff StGB), insults to denominations, religions or world views (§ 166 StGB);

  8. copyright offences, e.g. by copying software in breach of copyright or entering protected works and distributing them via the IT infrastructure (Sections 106ff UrhG).

In some cases, even the attempt is punishable.

Top of page

§ 5 Rights and obligations of users

  1. the IT resources according to § 1 may only be used for the purposes specified in § 2 number 1 of these user regulations. Any use deviating from this may be permitted if it is minor and does not impair the purpose of the University Computer Centre or the interests of other users.

  2. central systems and services of the computer centre may be used by all members and affiliates of the university, decentralised systems may generally only be used by members and affiliates of the corresponding organisational unit.

  3. users are obliged to ensure that existing resources (e.g. workstations, CPU capacity, disk storage space, line capacity, peripheral devices and consumables) are used responsibly and economically. Users are also obliged to refrain from causing any foreseeable disruption to operations and, to the best of their knowledge, to avoid anything that could cause damage to the IT infrastructure or to other users. Infringements may give rise to claims for damages and lead to exclusion from use (see also § 8 of these user regulations). Users are also obliged to comply with the IT Security Policy of Fulda University of Applied Sciences and to implement all necessary measures for basic protection of the IT infrastructure of Fulda University of Applied Sciences.

  4. users must refrain from any kind of misuse of the IT infrastructure. In particular, they are obliged to do so:

    1. to work exclusively with user authorisations that they have been permitted to use; the passing on of user IDs (user name/password) is generally not permitted;

    2. protect the second factor for two-factor authentication and only use the factors that have been provided to you by the data centre; passing on the second factor is generally not permitted; you can find further information on two-factor authentication in the “Basic protection” document;

    3. to protect access to IT resources as far as possible, e.g. by means of a password that must be kept secret or an equivalent procedure;

    4. to take precautions to prevent unauthorised third parties from accessing IT resources; this includes, in particular, avoiding obvious passwords, changing passwords immediately if they fall into the wrong hands or if there is a suspicion that they have become known to unauthorised persons and not forgetting to log out of the system before leaving the room;

    5. not to identify or use unauthorised user IDs and passwords;

    6. not to gain unauthorised access to information of other users and not to pass on, use or change information of other users that has become known without permission;

    7. to comply with the statutory regulations (copyright protection, copyright etc.) when using software (sources, objects), documentation and other data;

    8. to inform themselves about the conditions under which the programmes, documentation or data, some of which have been acquired under licence agreements, are made available and to observe these conditions;

    9. not to copy or pass on software, documentation and data, unless expressly authorised, nor to use them for purposes other than those permitted, in particular not for commercial purposes. Infringements may give rise to claims for damages (§ 5, clause 9) and result in a restriction of the user authorisation (§ 8).

Users bear full responsibility for all actions carried out under their user ID, even if these actions are carried out by third parties to whom they have at least negligently granted access.

  1. users are prohibited from using the system without the consent of the responsible system operator

    1. to interfere with the hardware installation;

    2. to change the configuration of the operating systems, programmes or the network.

  2. users are obliged to create a record of processing activities in accordance with Article 30 GDPR before introducing and before making significant changes to a procedure in which personal data is processed. The result must be sent to the data protection officer of Fulda University of Applied Sciences. The project must also be coordinated with the respective system operator. The data protection precautions proposed by the data protection officer and the system operator must be used.

  3. Users are obliged to

    1. to observe the guidelines for use provided by the system operator;

    2. to provide the person responsible for the system with information on programmes and methods used for monitoring purposes in justified individual cases upon request (in particular in the event of justified suspicion of misuse and for troubleshooting). This regulation does not cover user data that is protected by telecommunications secrecy or data secrecy, e.g. personal files or personal data of third parties;

    3. to inform themselves about the respective local and system-related conditions and regulations before installing software and to comply with these. Students may not install any software on the computers of Fulda University of Applied Sciences or download any binary files (pre-translated programmes, libraries, etc.) from the Internet and then run them on the computers of Fulda University of Applied Sciences.

  4. users as providers of WWW information:

    1. are responsible for the content of their web pages;

    2. must indicate the imprint on every web page.

  5. Liability of the users

    1. users shall be liable for all disadvantages incurred by Fulda University of Applied Sciences as a result of misuse or unlawful use of the IT infrastructure and user authorisation or as a result of their culpable failure to comply with their obligations under these user regulations. The university may demand that misused resources and other costs be reimbursed by such users in accordance with the Fee Regulations.

    2. users are also liable for damages caused by third-party use within the scope of the access and usage options made available to them if they are responsible for this third-party use, in particular if they have passed on their user ID to third parties. In this case, the university may charge these users a fee for third-party use in accordance with the fee regulations.

    3. users shall indemnify the university against all claims if third parties assert claims against the university for damages, injunctive relief or in any other way due to abusive or unlawful behaviour on the part of the user.

Top of page

§ 5a Obligation of use for students

Upon enrolment, students receive a user ID (fd number) and an e-mail address. The university uses these exclusively to send information to its students. Students are obliged to check these e-mails regularly and to check their e-mail account regularly for incoming messages. When applying for a user ID, students are informed of their obligation to use this e-mail address.

top of page

§ 6 Tasks, rights and obligations of the system operators

  1. the system operator may maintain a user file containing the personal data of the users via the user authorisations granted. An overview of the type of information stored must be accessible to each user. The application documents for the granting of user authorisations must be kept for at least two years after the authorisation expires.

  2. the system operator is entitled to verify the identity of a person before issuing a user authorisation. The verification can be carried out on site using a photo ID or via a video conference.

  3. the system operator shall disclose the persons responsible for managing its systems. The system operator and the system administrators are obliged to maintain confidentiality.

  4. the system operator may temporarily restrict the use of its resources or temporarily block individual user IDs if this is necessary to rectify faults, for system administration and expansion or for reasons of system security and to protect user data. If possible, the affected users must be informed immediately.

  5. if there are reasonable indications that a user is making illegal content available for use on the system operator’s servers, the system operator may prevent further use until the legal situation has been sufficiently clarified.

  6. the system operator is entitled to check the security of user passwords and user data by means of regular manual or automated measures and to implement necessary protective measures, e.g. changes to easily guessable or outdated passwords, in order to protect IT resources and user data from unauthorised access by third parties. The user must be informed immediately of any necessary changes to user passwords, access authorisations to user files and other protective measures relevant to use, insofar as this is possible.

  7. The system operator is authorised to document and evaluate the use of the data processing systems by the individual users for the following purposes:

    1. to ensure proper system operation,

    2. for resource planning and system administration,

    3. to protect the personal data of other users,

    4. for billing purposes,

    5. for the detection and elimination of faults and

    6. for the clarification and prevention of unlawful or improper use.

The system operator keeps an overview of the data collected for these purposes, which can be viewed by every user.

  1. for the purposes listed under section 6, the system operator is also authorised to inspect the user files insofar as this is necessary to eliminate current faults or to clarify and prevent violations of the user regulations and there are actual indications of this. Data secrecy and the dual control principle must be observed.

    However, inspection of the message and e-mail mailboxes is only permitted if this is essential to rectify current disruptions in the message service. In any case, the inspection must be documented and the person concerned must be informed immediately after the purpose has been achieved. In the event of substantiated indications of criminal offences, the system operator shall act in consultation with the university management in consultation with the competent authorities and, if necessary, shall take measures to preserve evidence.

  2. system operators who offer users independent homepages on the WWW_Server_ for publication on the Internet are authorised to automatically generate an imprint on these pages, which contains the full name and e-mail address of the author.

    The logging of connection data (e.g. access to the database of a WWW_Server_) may not contain any personal data.

  3. in accordance with the statutory provisions, the system operator is obliged to maintain telecommunications and data secrecy.

Top of page

§ 7 Liability of the System Operator/Disclaimer

  1. the system operator does not guarantee that the system functions will meet the user’s specific requirements or that the system will run error-free and without interruption. The system operator cannot guarantee the integrity (in terms of destruction, manipulation) and confidentiality of the data stored by the system operator.

  2. the system operator shall not be liable for damages of any kind incurred by users from the utilisation of IT resources in accordance with § 1 of these user regulations, unless otherwise stipulated by law.

Top of page

§ 8 Consequences of improper or unlawful use

In the event of violations of legal regulations or of the provisions of these user regulations, in particular § 5 (Rights and obligations of users), the system operator may restrict the right of use. It is irrelevant whether the offence has resulted in material damage or not. Measures to withdraw or restrict user authorisation, which are decided on by the head of the facility, should only be taken after a prior unsuccessful warning. The person concerned must be given the opportunity to comment.

Top of page

§ 9 Other regulations

  1. charges or fees may be set for the use of IT resources. The fee schedule of the respective system operator shall apply.

  2. supplementary or deviating rules of use may be defined for individual systems as required.

  3. the responsible university body shall decide on amendments to these terms of use. The computer centre and the other system operators must be given the opportunity to comment beforehand.

top of page