Network Regulations
Based on Section 92 Para. 3 Sentence 1 of the law for Universities in the Free State of Saxony (Sächsisches Hochschulgesetz - SächsHSG) dated 10/12/2008 (Saxony Law Gazette (SächsGVBl.) p.900), which was last amended on 26/06/2009 by Article 10 (SächsGVBl., pp.375, 377), the Mittweida University of Applied Sciences (hereinafter referred to as University) issues the following Network Order as a Charter of the University.
Preamble
This network order directive aims to ensure the undisrupted, unimpeded and secure operation of the communications and data processing infrastructure of the University. The network order is orientated around the statutory obligations of the University as well as its mandate for the protection of academic freedom. It establishes the foundations for the proper operation of the information processing infrastructure and thus regulates the relationship between the individual users and the University.
§ 1 Area of validity
This network order applies to the use of the data processing infrastructure of the University’s Network and Communications Centre (hereinafter referred to as NCC), consisting of the data processing systems and other facilities for computer based information processing, as well as the additional provided services, that are directly or indirectly assigned to the NCC. It also applies to such services of the information processing structure that are assigned to the University faculties and other structural units. It also applies to the networks of work and research partners of the University who are directly or indirectly connected to the University network. The agreements with the partners concerning the adherence to the network order must be documented in the cooperation agreement.
§ 2 Legal position and structure of the NCC
- The NCC is a central institution of the University.
- The leader of the NCC is appointed by the chancellor of the University and is subordinate to the chancellor.
- The leader of the NCC may issue further orders to ensure the proper operation of the information and communication networks as well as the data processing systems that are assigned to the NCC. These orders include specifically:
- regulations concerning the operational processes,
- the handing over of modalities and data formats to the NCC in order for it to fulfil its duties,
- taking the proper measures to ensure its network security.
§ 3 Duties of the NCC
- The NCC is, in accordance with Paragraph 1, responsible for the provision of central services and supports the faculties and other structures of the University with the implementation of data processing tasks and computer based information processing.
- The specific duties of the NCC:
- Planning, execution and operation of the NCC electronic data processing equipment in the following areas: research, teaching, studies and administration.
- Supervision of all University data processing resources and departmental supervision of all data processing equipment of the University, when such is not performed by any other organisation within the University.
- Procuring, administering and documentation of standard and special software, especially University and campus licenses. This also includes the selection, application and supervision of software products used in administration.
- Briefing, counselling and supporting the users when they the provided services.
- Planning, installation and operation of the information and communication networks, including the necessary network structures, the central server and the data communication systems.
- Provision and maintenance of a trouble-free and uninterrupted operation of the data network.
- Co-ordination of the development and maintenance of the data network.
- The administration of network user identities – name and address spaces.
§ 4 Purposes of use
The services of the NCC are to be used exclusively for scientific purposes in research, teaching and studies. The services of the NCC may also be utilised to fulfil the aims of the library and the University administration, for training purposes and other duties of the University. Other users may use these services but only if such use is minimal, does not violate the aims of the University, or restrict the other users in any way. /p>
§ 5 Rights of use
The following persons may use the services of the NCC:
- Members and employees of the university.
- Persons who have been commissioned to do work or research for the University.
- Members of other universities who have special research or work agreements with the University.
- Employees or persons who have been commissioned by other research and teaching institutions, and public servants of the Free State of Saxony who have special permission from the University.
- Employees and persons who have been commissioned by the Student Union in Freiberg. (Studentenwerk Freiberg).
- Other legal or natural persons, as long as they do not violate the conditions set out in Paragraphs 1-5 and the University has a special interest in allowing them to use the services. This special interest is to be confirmed by the leader of the relevant structure.
§ 6 Access to the network
- Permission to use the NCC facilities and services is regulated in accordance with the capacity of the resources. Permission is granted following access authorisation by the NCC upon written application to the NCC for rights of use. Students of the University automatically have a right of use through their matriculation. The employees of the University obtain the right of use when they begin their employment. They need not apply to use the computers.
- An application, (a prepared form for which can be found at the NCC), must contain the following information.
- Name, address, date of birth and the University status of the applicant in terms of paragraph 5.
- The consent of the applicant for the processing of their personal data.
- For users (in accordance with Paragraph 5 Nos. 2 to 6) the intended length of the period of usage.
- For users (in accordance with Paragraph 5, Nos. 4 and 5) a certificate of employment is needed, or a copy of the work order.
- For users (in accordance with Paragraph 5, no. 6) the letter of consent from your department head to use the resources, stating the legal basis for this, is necessary.
- Minors need to have the consent of their parents or legal guardians to obtain rights of use.
- After confirmation that the students or users have read the instructions, full access will be granted by e- mail in accordance with Paragraph 8.
- The amount of time you are authorised to access the system may be limited. To guarantee proper and undisturbed operation the user permission is connected to a limitation on computing and online time as well as other user related conditions and restrictions. If the data processing resource capacity is insufficient to provide for all rightful users the equipment may be allocated to individual users.
- The right of use may be completely or partially invalidated, rescinded or limited, in particular if:
- No proper application has been completed or the information in the application is not or no longer correct, unless the application in accordance with No. 1 is unnecessary,
- the conditions for the proper use of the data processing system are not or no longer being fulfilled,
- the person is no longer a valid user in accordance with Paragraph 9,
- the intended use is not compatible with the aims of the University and the purposes named in Paragraph 4,
- the data processing resource capacity is reserved for use by other persons or projects,
- the resource capacity which you are trying to use is insufficient for the planned usage due to being previously allocated to another project,
- the data processing components to be used are connected to a network that has to meet particular data protection requirements and there is no valid reason for the intended use of the resources,
- other users have to unreasonably limit their rightful access due to the application for usage,
- the student is expelled or,
- the employee leaves the University’s employ.
§ 7 Rights and duties of users
- The user has the right to use all NCC facilities, data processing installations and information and communication systems following approval and in accordance with these conditions of use as well as the rules stipulated in Paragraph 2 No. 3. All other usage that deviates from this requires special permission.
- Users must:
- adhere to the conditions of use and the user permission, especially as set out in the Purposes of Use in Paragraph 4,
- refrain from any use that would interrupt the proper functioning of the University data processing systems,
- obtain consent from a responsible employee of the NCC or the faculty when wanting to use resource capacities that exceed the normal capacity,
- handle all data processing facilities, information and communication systems and all other University facilities with care,
- work only with their own user I.D., the use of which is granted within the framework of the official approval,
- take care that no other person knows their user passwords as well as take precautions so that no unauthorised person is able to access the University data processing resources. This includes protecting access by means of a suitable password, i.e. a password that cannot be easily guessed, which should be changed regularly and kept secret,
- not determine or use any foreign user identification or passwords,
- not access any information from other users without permission, and not pass on, use or change any information concerning other users that has become known to them,
- adhere to the legal guidelines, especially concerning licensing and copyright, when using software, documentation and other data, and must observe the licensing conditions by means of which the software, documentation and data has been made available by the University,
- not copy or pass on University software, documentation or data to a third party unless specific consent has been given to do so, or use the same for any purposes other than those permitted,
- follow the instructions of the personnel in the University computer rooms and respect the rules of the University and rooms,
- produce user authorisation upon demand,
- immediately report interruptions, damage or faults of the University data processing facilities or data storage equipment to the responsible person from the NCC or faculty and not attempt to repair equipment themselves.,
- not interfere in the University hardware installations without express permission from a responsible member of the NCC or the faculty, or change the configuration of the operating systems, system data, user data relevant to the system and the network,
- in justified individual cases and upon request, give the NCC leaders information about programs and methods used as well as allow access to the programs for control purposes – especially in justified cases of misuse and for troubleshooting,
- agree to the processing of personal data with the NCC and – without prejudice to the individual data protection rights of the user – to respect the data protection and data security measures proposed by the NCC,
- not enter the name of the University, department, study group or study discipline in the index or search feature when registering HTML resources on search engines or entering information into search engines.
§ 8 User instructions
- Before use of NCC facilities and services, the user must be instructed in their duties arising from this order – especially those from Paragraph 7 No. 2. The user must confirm that they have read this document. The NCC leader can determine services which may be used without confirmation of having read these instructions.
- In the instructions, in accordance with Paragraph 1, reference must particularly be made to the following criminal acts:
- Data espionage (Section 202a StGB – German Penal Code),
- The alteration of data (Section 303a StGB) and computer sabotage (Section 303b StGB),
- Computer fraud (Section 263a StGB),
- Distribution of pornographic images (Section 184 et seq. StGB), in particular distribution, acquisition and possession of child pornography (Section 184b StGB), and the distribution of pornographic performances via radio, media or television services (Section 184d StGB),
- Distribution of propaganda for unconstitutional organisations (Section 86 StGB) and sedition (Section 130 StGB),
- Libel offences such as insults and defamation (Section 185 et seq. StGB),
- Infringing copyright law, for example through illegal reproduction of software (Section 106 et seq. UrhG – German Copyright Act).
§ 9 Exclusion from use
- Users may be temporarily or permanently forbidden from using the data processing resources, either fully or partially, if:
- the user knowingly violates the network order, in particular the duties set out in Paragraph 7,
- the user utilises the NCC data processing resources to commit criminal acts,
- the user disadvantages the University in any other way by using the computer illegally.
- Measures in accordance with No. 1 will only be taken after you have been unsuccessfully warned. Paragraph 10 Nos. 2, 3, 5 and 7 are not affected by this. The user will be granted the opportunity to make a statement. The user will be granted the opportunity to secure their data in all cases.
- Temporary usage restrictions, to be decided on by the NCC leader, may be lifted as soon as proper usage can once again be guaranteed by the user.
- A long-term restriction on or the complete exclusion from further use will be deemed necessary only in the case of serious or repeated violations as defined by No. 1, also if proper use by the user cannot be expected in the future. The decision concerning a long-term exclusion is made and ordered by the Chancellor at the request of the NCC leader. Possible University claims arising from the contractual user relationship remain unaffected.
§ 10 Rights and duties of the NCC
- The NCC keeps a user database of the usage authorisations granted. The following information is stored in this database:
- User I.D. and assigned e e-mail addresses
- User’s name
- User’s title and academic title
- User’s date of birth
- User status (in accordance with Paragraph 5)
- For students: matriculation number, seminar group and matriculation status
- For employees: personnel number, department, period of employment in this department and end of employment if applicablethe intended usage period specified in the access application
- For users as defined by Paragraph 5 No. 6, he person responsible
- The NCC may temporarily limit access to NCC resources or temporarily block some users from using the resources, as long as this is necessary for the purpose of emergency maintenance, system administration, system expansion or for reasons of system security or protection of user data. As far as possible, the users affected will be informed of this in advance.
- If evidence exists to suggest that the user has illegal content available on the NCC servers, the NCC is entitled to prevent further use until the legal position has been adequately resolved.
- The NCC is, according to the following regulations, entitled to document and evaluate the use of the data processing systems by the individual users, but only insofar as this is necessary:
- to ensure proper system operation,
- to plan resources and for system administration,
- to protect the personal data of other users,
- for billing purposes,
- for the identification and elimination of errors and
- for the clarification and prevention of illegal or criminal usage.
- Based on the conditions set out in Paragraph 4, the NCC is entitled, under consideration of data protection, to access user data, insofar as this is necessary for repairing current operational breakdowns or to resolve or prevent misuse and as long as there is evidence to suggest this. This access will be documented and the relevant user will be informed of this procedure immediately after this has fulfilled its purpose.
- The NCC may only access messages and electronic inboxes with the consent of the relevant user, and only insofar as this is necessary for the restoration of current interruptions in the e-mail service. The access and the consent of the user must be documented.
- In accordance with the requirements set out in Paragraph 4, data traffic and data usage, especially in e-mail usage, may also be documented. However, only the circumstances surrounding the telecommunications, and not the private content, may be collected, processed and used. The traffic and usage data from online activity on the internet and other telecommunications services that are available for use by NCC or to which the NCC gives access for use is to be deleted by the NCC as soon as possible, at the latest at the end of every session it is used, except where this information is to be used for billing purposes
- In accordance with legal provisions, the NCC is obliged to comply with the telecommunication and data confidentiality acts.
§ 11 User liability
- The user is liable for all disadvantages that the University sustains as a result of their improper or illegal use of the data processing resources and usage permission or as a result of the user not complying with or violating these conditions of use.
- The user is also liable for damages that have been sustained as a result of third party use of the access and use possibilities made available to them, if the user is responsible this third party use, in particular in the case of the user having passed on their user I.D. to third parties. In this case, the University may claim a usage fee for the third party use in accordance with the fee regulation.
- The user is to release the University from all claims if third parties file a claim against the University, such as for compensation, neglect or otherwise, due to the improper or illegal behaviour of the user. The University will announce the dispute to the user if the third party begins legal action against the NCC.
§ 12 University liability
- The University does not guarantee the error-free and uninterrupted working of the system. Loss of data as a result of technical disruptions, as well as the gaining of confidential information by third parties as a result of unauthorised access, cannot be excluded.
- The University does not accept any responsibility for the accuracy of the available programs. Nor does the University accept liability for the content, in particular for the accuracy, completeness and up-to-dateness of information, for which it only gives access for use.
- Otherwise the University is only liable for the premeditation or gross negligence of its employees unless a culpable breach of fundamental contractual obligations has occurred. In this case, the University’s liability extends to typical damages which may be deemed foreseeable at the time of the establishment of the user relationship insofar as no premeditated or grossly negligent behaviour has occurred.
- Any public liability claims against the University are not affected by the above.
§ 13 Validity
This network order comes into effect from 1 March 2010 and may be found on the internet portal website at www.hs-mittweida.de/ordnungen. At the same time, the network order of 3 November 1997 will be invalidated.
Issued based on the Proclamation of the Rector’s Office of 5 May 2010, the statement of 28 April 2010 and the NCC hearing of 26 March 2010, and the University Data Protection Officer of 24 March 2010.
Mittweida, 6 May 2010
The Rector
of the University of Applied Sciences Mittweida
Prof. Dr. Ing. Lothar Otto