Dated 15 December 2010
On the basis of § 81 para 1 of the Law Governing the Universities of the State of Mecklenburg-Vorpommern (State University Law – LHG M-V) adopted 5 July 2002 (GVOBI. M-V, page 398), as last amended by Article 9 of the Act adopted 17 December 2009 (GVOBl. M-V page 687) and the Article of the Law adopted 17 December 2009 (GVOBl. M-V page 729), i. V. m. § 33 para 3 of the Basic Order of the University of Rostock dated 28 October 2003, amended by the Statutes on Amending the Basic Order of the University of Rostock dated 25 July 2008, the University of Rostock issued the following user regulations of the IT and Media Centre:
Preamble
These usage regulations shall ensure a usage of the communication and data processing infrastructure of the IT and Media Centre (ITMZ) of the University of Rostock as smooth, undisturbed and safe as possible. The usage regulations are oriented to the legally determined tasks of the University of Rostock as well as to its mandate to ensure academic freedom. It determines the basic rules for a proper operation of the IT and media infrastructure and, thus, regulated the usage relationship between single users, institutions and the ITMZ.
§ 1 Scope of Validity
The usage regulations apply for the use of information processing and media infrastructure of the ITMZ of the University of Rostock, comprising of data processing plants, the communication systems, the media technology and other facilities for computational information processing and media production subordinated to the ITMZ.
§ 2 Legal Status and Organisation of the ITMZ
(1) The ITMZ is one of the University of Rostock’s central organizational units. It supports the university regarding the implementation of data processing tasks, computational information processing, media production and usage, the technical media service and the teaching of media literacy. Within the scope of existing cooperation agreements, the ITMZ also implements its tasks for other universities of the State of Mecklenburg-Vorpommern.
(2) The ITMZ is managed by a full-time director. The director is appointed by the rector after a hearing in the Academic Senate and is bound to the decisions of the rector. He/she is responsible for the fulfillment of the ITMZ tasks and for the appropriate assignment of employees and material resources.
(3) The rector designates an advisory board „Information, Communication and Media“ (IKM) for advising university management and faculties. It gives recommendations and prepares decisions. The advisory board IKMs organization and tasks are defined in rules of procedure that can be modified with an absolute majority of the advisory board’s voting members.
§ 3 Tasks of the ITMZ
(1) As central organizational unit, the ITMZ is a service institution for the entire university and responsible for a university-wide provision of IT and media infrastructure for study, teaching, education, research and administration.
(2) The ITMZ is particularly responsible for the following tasks:
- Planning, implementing and operating the data processing facilities of the ITMZ for
- Tasks in study, teaching, education and further education, research and administration,
- Planning, implementing and operating the university-wide information and communication networks, telecommunication system, needed network services and technical media systems and plants included
- Necessary networking services and technical media systems and plants,
- Software system and services provision and support for IT support of study, teaching, education, further education, research and administration processes of the university,
- Support of the data processing resources available for the university, of the stationary technical media systems and of the operational-technical monitoring of all data processing plants of the university as far as not under the responsibility of other organizational units or institutions of the university,
- Coordination of the purchasing of data processing plants, application systems and technical media systems,
- Repair, service and maintenance of media-technology plants in the university’s teaching areas,
- Central technology lending service with user advice service,
- Selection, purchase, administration, documentation, maintenance and further development of software, particularly university and campus licenses,
- Advice and support of staff members and students with using the IT and media infrastructure and application systems,
- Implementation of training and further education measures for university staff members and support of other departments with data processing related courses,
- Teaching of practical competence to staff members, students,
- Contribution to several state-wide and national boards and programs, particularly regarding cooperative usage of IT resources.
(3) For ensuring a proper operation of the information and communication network and of the data processing systems and media technology allocated to the ITMZ, the ITMZ director is authorized to issue additional rules related to the usage of the ITMZ facilities, such as e.g. operation regulations and usage regulations for the university’s communication network, the use of the computer pool and the technical-organizational guidelines for servers and services of the ITMZ.
§ 4 Usage Authorization and Approval for Usage
(1) Authorized to get an ITMZ service approval for usage are
- Members and institutions of the University of Rostock,
- External persons who are entrusted by the University of Rostock with providing services,
- Members of other universities of the State of Mecklenburg-Vorpommern,
- State universities from outside Mecklenburg-Vorpommern, based on specific agreements,
- Other state research and education institutions and authorities of the state of Mecklenburg-Vorpommern based on special agreements,
- Student unions of the State of Mecklenburg-Vorpommern
(2) The authorization is granted exclusively for scientific research, education and study purposes, for library purposes and university administration purposes, for education and further education and for fulfilling other tasks of the University of Rostock or other institutions according to paragraph 1. Any deviating usage can be approved if marginal and not impairing the intended usage of the ITMZ and the interest of other users.
(3) The usage for ITMZ institutions and services is approved by granting a usage authorization. University members in accordance with § 50 section 3 of the State University Act do generally have a usage permission. Members of the University of Rostock automatically get an approval of usage when starting their membership. This applies until the membership at the University of Rostock ends. Other persons and institutions determined in paragraph 1 get their approval of usage upon written application addressed to the ITMZ.
(4) The application shall be filled in by using the form provided by ITMZ. As a principle, applicants are university members, usually the head of institution or project the project is allocated to, confirming the legitimate exceptional situation according to paragraph 1. The application for a usage authorization according to special agreements according to paragraph 1 does not need an explicit applicant. Co-applicant is the user. The form should contain the following information:
- Name, address and signature of the user,
- Name, institution and signature of the applicant,
- Description of the purpose of use or of the planned project, needed resources,
- Declaration on the processing of personal data by the user.
- Declaration with signature that the applicant agrees to the ITMZ regularly checking the user data manually and by automated measures and implementing necessary protective measures, e.g. by replacing passwords easy to guess, for protecting data processing resources and user data against unauthorized access of third parties,
- Declaration that affected users are immediately informed about the necessary change of their user password, the access authorization for their user files and other usage relevant protection measures
- Acceptance of the usage regulations and of the operation regulation issued according to § 3 section 4 as basis of the usage regulations
- Written or electronic declaration of consent of the user on processing their personal data,
- Information on the optional documentation of user behaviour and inspection of user files according to the usage regulations (see § 7).
Further information can be collected only if needed for deciding upon the application for approval:
(5) The approval of usage is limited to the applied project and can be limited in time.
(6) For ensuring a proper and smooth operation, the user authorization can, in addition, be linked to a limitation of computing and online time as well as to other user related conditions and requirements.
(7) In addition, the ITMZ is authorized to relate depend the usage to proving certain knowledge on the usage of the demanded data processing systems, media technology and data processing services.
(8) In case there are not enough data processing resources for meeting the interest of all authorized users, operating material can be apportioned for single users according to the order determined in paragraph 1, because an approval can only be granted within the framework of available capacities.
(9) The user authorization can be refused fully or in parts, withdrawn or subsequently limited, particularly if
- No proper application is available or information in the application are not or no longer valid
- The conditions for properly using the facilities are not or no longer met
- The person authorized for usage was excluded from the usage according to §6,
- The user’s planned project is incompatibly with the ITMZ tasks and the purposes specified under paragraph 2
- The available resources are not suitable for the applied use or reserved for special purposes,
- The capacities of the resources which usage is applied are insufficient for the planned usage due to an already existing utilizations,
- The used data processing components are connected to a network that has to meet special data protection requirements and no objective reason for the planned usage was concluded
- It is expected that the applied usage will limit other projects in an inappropriate manner.
§ 5 User rights and obligations
(1) The persons authorized for usage (users) have the right to use the facilities, data processing facilities equipment and information and communication systems of the ITMZ within the context of usage and in accordance with these usage regulations as well as the rules issued under § 3 paragraph 3. Any deviating use needs separate approval.
(2) The users are obliged,
(General)
- To observe the user regulation requirements and the user regulation limits, particularly of the user rights according to § 4, section 2,
- To refrain from anything that disturbs the proper operation of the ITMZ data processing facilities,
- To treat all data processing systems, information and communication systems, media technology and other ITMZ facilities gently and with care,
(Handling User Identification)
- To exclusively work with those user identifications they were authorized to use in the scope of the authorization,
- To ensure that no other persons become aware of the user passwords and to take precautions that unauthorized persons do not get access to data processing resources of the ITMZ; this includes protecting the access with a confidentially kept and suitable password which cannot be easily guessed and should be regularly modified,
- To neither search nor use any external user recognitions or passwords,
- To not access other users’ information and to not forward, use or modify any other users’ information that have become known to him,
(Software Usage, Copyrights)
- To observe, when using software, documentation and other data, the legal requirements, particularly on copyrights, and comply with the license conditions under which software, documentation and data were provided by ITMZ,
- To neither copy the software, documentation and data provided by the ITMZ as far as not explicitly permitted, nor forward it to any third party nor to use it for any other than the authorized purpose,
(Use of the facilities, computer pool)
- To follow the instructions of the staff inside the ITMZ premises and to observe the house rules,
- Not to remove any failures, damages or errors that occur on ITMZ data processing devices, media technology and data carriers but to immediately report it to ITMZ staff members,
- Not to make any interventions on ITMZ hardware installations and not to modify the configurations of the operation system, system files, system relevant user files and the network,
(Use of Borrowed Technology)
- Borrowed ITMZ technology must be handled with care,
- When borrowing, a sufficient qualification with handling the technology must be proven,
- Any malfunction, internal or external damage occurring during the lending, must be unsolicitedly indicated when returning,
- Any forwarding of borrowed technology to other persons is prohibited,
- The use of borrowed technology is prohibited,
(Other Issues)
- To provide information on programs and used methods and insights into the program to the ITMZ management upon request in justified individual cases - particularly in cases of reasonable suspicion of abuse and for failure removal,
- To agree upon the processing of personal data with the ITMZ and - irrespective of own data-protection law obligations of users - consider the data protection and data safety measures proposed by the ITMZ.
(3) The following criminal offences are particularly indicated:
- Data spy out (§ 202a German Criminal Code),
- Data modification (§ 303a German Criminal Code) and computer sabotage (§ 303b German Criminal Code),
- Computer fraud (§ 263a German Criminal Code),
- Circulating pornographic material (§§ 184 ff. German Criminal Code), particularly dissemination, acquisition and possession of child pornographic publications (§ 184b German Criminal Code) and the dissemination of pornographic presentations via radio, media or teleservices (§ 184c German Criminal Code),
- Verbreitung von Propagandamitteln verfassungswidriger Organisationen (§ 86
- StGB) und Volksverhetzung (§ 130 German Criminal Code),
- Ehrdelikte wie Beleidigung oder Verleumdung (§§ 185 ff. German Criminal Code),
- Strafbare Urheberrechtsverletzungen, z. B. durch urheberrechtswidrige
- Copying of software (§§ 106 ff. Copyright law) or used media (without provable own rights),
§ 6 Exclusion from Usage
(1) Users can be, temporarily or permanently, restricted regarding or excluded from the usage of the DV resources, if they
- Culpably violate these user regulations, particularly the obligations listed in § 5 (abusive behaviour), or abuse the ITMZ resources for criminal offences or the university experiences disadvantages because of other illegal user behavior.
(2) Measures according to paragraph 1 shall only be implemented after prior ineffective warning. The affected person will be given the opportunity to make a statement. She/he can request mediation from the head of the IKM advisory board. In any case, he will get the opportunity to save his/her data.
(3) Preliminary use restrictions the ITMZ director decides upon are cancelled as soon as a proper use seems to be ensured again.
(4) A permanent use restriction or complete exclusion of a user from a further usage, can be considered only after severe or repeated violation in the meaning of paragraph 1, if a proper behavior is not expected even in future. The decision on a permanents exclusion is taken by notice by the chancellor upon ITMZ request and after hearing the IKM advisory board.
§ 7 Rights and Obligations of the ITMZ
(1) The ITMZ collects user and mail IDs of authorized users. The following data are stored for the period of user authorization:
Name, first name, date of birth, user ID, email address
(2) As far as needed for failure removal, system administration and expansion or for system security and user data protection, the ITMZ is authorized to temporarily limit the usage of resources or to temporarily block single user IDs. As far as possible, the affected users shall be informed accordingly in advance.
(3) In case there are true indications that a user keeps illegal content available for use on ITMZ servers, the ITMZ can prevent a further use until the legal situation is sufficiently clarified.
(4) The ITMZ is authorized to check the safety of system/user passwords and user data via regular manual or automated measures and to implement necessary protection measures, e.g. changes of passwords that are easy to guess, to protect data processing resources and user data against unauthorized access of any third party. In case of necessary user password changes, the access authorizations on user files and other usage relevant protection measures, the user must be informed accordingly without delay.
(5) According to the following regulations, the ITMZ is authorized to document and evaluate the use of data processing systems by the single users, but only as far as necessary:
- For ensuring a proper system operation,
- For resource planning and system administration,
- For protecting personal data of other users,
- For billing purposes,
- For recognizing and removing failures and
- For revealing or preventing illegal and abusive usage.
(6) Under the conditions of paragraph 5, the ITMZ is also authorized to view user data in compliance with the data secrecy as far as necessary for removing current failures or for informing and suppressing misuse if factual indications for this are available. Any insight into message and email boxes is only permitted if essential for removing current news service malfunctions. In any case, this insights must be documented to immediately inform the affected users after attainment of purpose.
(7) Under the conditions of paragraph 5, traffic and user data can (particularly related to email use) can be documented. Only the detailed circumstances of telecommunication, but not the non-public communication content – is allowed to be collected, processed and used. The traffic and user data related to online activities in the internet and via other tele-services the ITMZ provides for use or the ITMZ offers access for usage to must be deleted as soon as possible, by the end of the relevant usage latest, as far as these are no account data.
See § 96 para. 1 TKG, §§ 15 para. 1, 13 para. 4 No. 2 TMG.
(8) According to the legal regulations, the ITMZ is bound to the telecommunication and data secrecy.
See § 88 TKG and e.g. § 6 DSG NW.
§ 8 Liability of the User
(1) The user is liable for all disadvantages that occur to the university due to abusive or illegal use of data processing resources, media technology and the user authorization or due to the user culpably not complying with his/her obligations out of the usage regulations.
(2) The user is liable for damages that occurred within the scope of access und usage opportunities provided to him/her out of usage by third parties if he/she is liable for this third party use, particularly in case of forwarding his/her user ID to a third party. In this case, the university is authorized to demand a user fee for third party use according to the fee regulations.
(3) The user has to release the university from all claims in case third parties sue the university regarding abusive or illegal behavior of the user for damage compensation, omission or otherwise. The university will announce the dispute to the user as far as third parties take legal actions against the ITMZ resulting from such claims.
§ 9 Liability of the University
(1) The university does not give any guarantee that the system runs error-free and without interruptions at any time. Possible data losses resulting from technical failures and notifications of confidential data due to unauthorized access of third parties cannot be excluded.
(2) The university is not liable for the correctness of provided programs. The university is also not liable for the content, particularly for the correctness, completeness and topicality of the information, it solely provides access for usage.
(3) Furthermore, the university is only liable in case of premeditation or gross negligence of its staff members unless a culpable violation of essential obligations has occurred, which to keep is of essential importance for fulfilling the contract purpose (cardinal obligations). In this case, the university’s liability is limited to the typical damages which can be foreseen at the time of establishing the usage relationship, as far as no premeditation or gross negligence has occurred.
(4) Possible authority liability claims against the university remain unaffected by the aforementioned regulations.
§ 10 Entry into Force
This regulation enters into force on 1 January 2011. Simultaneously, the former user regulations of the URZ expire.
Issued based on the decision of the Academic Senate of the University of Rostock on 1 December 2010 and the approval of the Rector dated 15 December 2010.
Rostock, 15 December 2010
The Rector
of the University of Rostock
Prof. Dr. Wolfgang D. Schareck