The following English translation of the “Nutzungsordnung der GWDG” is for information purposes only. Only the German version is legally binding.
For the sake of easier reading, the masculine form will be used consistently throughout this document, whilst it is to be explicitly interpreted as including the female form.
Article 1 Scope
Article 2 Legal Status, Organisation and Functions of the GWDG
(1) The GWDG is a shared corporate facility of the Georg-August-University Göttingen and the non-profit Max Planck Society (Max-Planck Gesellschaft zur Förderung der Wissenschaften e. V.). It fulfils the function of a joint computing and IT competence centre for the Max Planck Society (MPG) and the IT centre for the University of Göttingen. Its scientific research tasks are nested in the area of applied computer sciences. Moreover, the GWDG promotes the training of specialised staff for information technology.
(2) The GWDG's organisation and responsibilities are laid down in the partnership agreement and the guidelines governing the Centre's work. The responsibilities of the GWDG as the university computing centre for the University of Göttingen are laid down in a separate agreement.
Article 3 User Authorisation and Permission to Use
(1) The following parties may be authorised to use the services provided by the GWDG
- Staff, members, associates, students and affiliated institutions including the administration of the University of Göttingen and the Max-Planck Society;
- Authorised representatives contracted by the University or the MPG in order to fulfil their contractual duties and responsibilities;
- The Student's Association (Studentenwerk) Göttingen;
- Members and associates of other universities in Lower Saxony or national universities outside of Lower Saxony by virtue of special arrangements and agreements;
- Other national research and educational institutions and public authorities by virtue of special arrangements and agreements;
- Institutions affiliated through research alliances by virtue of special arrangements and agreements.
(2) The GWDG reserves the right to limit the user groups in accordance with its partnership agreement.
(3) Permission to use is granted exclusively for academic, scholarly and scientific purposes in research, teaching and studies, for purposes relating to the library, the administration, continuing education and further education as well as for the purpose of fulfilling other duties and responsibilities incumbent upon the University or the MPG. Any use in derogation thereof may be permitted in accordance with the Partnership Agreement if its scope is narrow and said use does not affect the GWDG's mission or the concerns of the other users.
(4) Permission to use the GWDG's facilities and services shall be granted by issuance of a user permit. The user shall apply for a user permit in writing or according to other procedures agreed on with the University and the MPG. Thereupon, the GWDG shall issue the permit after approval by the management of the affiliated institution to which the applicant is assigned.
(5) The application, which as a rule should be submitted electronically and must be approved by the institution's management, shall contain the following information:
- Name and employment address of the applicant and the affiliated institution to which the applicant is assigned,
- The requested IT resources,
- Declaration with respect to the processing of personal data by the user,
- The user's written or electronic consent to the processing of his personal data.
(6) The user permit can be time-limited.
(7) In order to ensure proper and fault-free operation, the user permit may be additionally subject to other requirements.
(8) Above and beyond this, the GWDG may make its permission to use contingent upon proof of certain knowledge about the use of the requested data processing systems and IT services.
(9) If the capacities of the IT resources are not sufficient to satisfy the needs of all users, the operating equipment for the individual user may be consigned in the order listed under Article 3 (1); this is because permission to use facilities can only be granted when allowed by the available capacities. The particulars are laid down in the “Directives on Consignment, Kontingentierung von IT-Leistungen der GWDG“.
(10) In general, the user permit is granted to individuals by providing them with one or several personal user IDs. User IDs granting authorisation to user groups or function-related instead of person-related use (function IDs) are only provided in justified exceptions.
(11) The user permit can be denied wholly or in part, revoked or retrospectively limited, particularly if
- no proper application has been submitted or the information in the application is not or no longer applicable;
- the prerequisites for proper use of the IT facilities do not or no longer exist;
- the person holding access authorisation has been excluded from use under Article 5;
- the user’s envisioned project is incompatible with the tasks and objectives of the GWDG and the purposes laid down in Article 3 (3);
- the available IT resources are unsuitable for the requested usage or reserved for specific purposes;
- the capacity of the resources requested for use are inadequate for the planned usage because existing capacity is exhausted;
- the IT components to be used are connected to a network subject to special data protection requirements and there is no material reason clearly evident for the planned usage;
- the requested usage is expected to unreasonably impair other approved projects (see also Article 9 (2).
(12) The user permit expires,
- when the institution or the user has submitted their termination of use to the GWDG.
- when the user has left the institution which granted the approval for the user permit. The management of the institution must notify the GWDG without delay any time a user leaves the institution. In case special services are provided, explicit time limitations shall be set for these notices. These services are to be stated in the “List of Special Services with Explicit Notification Periods, Liste spezieller Dienste mit expliziten Mitteilungsfristen” (see Annex).
Article 4 User's Rights and Obligations
(2) The users are obligated to
- refrain from anything that disrupts proper operation of the GWDG's IT facilities;
- treat all of the GWDG's data processing facilities, information and communications systems and other equipment with care and circumspection;
- refrain from any unlawful usage and, above and beyond that, refrain from any usage that might potentially cause any disadvantages to the GWDG or prejudice the image or interests of the GWDG;
- report to the GWDG immediately any changes to the basis on which the authorization for the user permit was granted;
- ensure that e-mails sent to the e-mail boxes associated with their User IDs are read regularly;
(Handling of User IDs)
- to work exclusively with the User IDs for the usage permitted within the scope of the user permit;
- take precautions to keep unauthorized persons from accessing the IT resources of the GWDG; this also includes protecting access with an appropriate password, i.e. One that is not easy to guess, which must be kept secret and that is at best changed regularly;
- make sure that no unauthorised persons can discover the passwords;
- change passwords the minute that any suspicion arises that unauthorised persons have discovered the passwords and report the suspicion to those responsible at the GWDG so that they can check it to see if this has any impact and implications for other systems;
- neither try to find out nor to use other persons’ User IDs and passwords;
- not access other users’ information without permission, and not share, use for ones’ own purposes or modify any disclosed information relating to other users without permission;
(Software Use, Copyrights)
- comply with statutory and contractual regulations particularly relating to copyright protection when using software, documents and other data, and observe the licensing terms and conditions under which software, documents and data are provided by the GWDG;
- not copy software, documents or data provided by the GWDG or share it with third parties unless this has been explicitly permitted, nor to use them for other than the approved purposes;
- delete authorised copies of the software, documents or data provided by the GWDG, after expiry of the user permit, unless express permission for further use has been granted;
(Use of the GWDG’s Facilities and Equipment)
- follow the instructions given the staff on the GWDG's premises and abided by the House Rules of the GWDG;
- present authorisation upon demand;
- not personally troubleshoot any disruptions, damage or faults occurring in the IT equipment and data carriers of the GWDG, but report them immediately to the GWDG staff;
- without express permission from the GWDG, not interfere with the GWDG hardware installations and not change the configuration of the operating systems, system files, system-related user files or the network;
- ensure proper use when porting job-related and private devices to network inputs made accessible within the scope of the user permit (provided that the use of private devices has been permitted),
- when doing so, take particularly measures consistent with the state of the art in order to avoid problems and prevent damage within the network and to IT systems, e.g. due to wrong configurations, software errors or malware,
- and thereby avoid interferences resulting from inappropriate and unnecessary burdening of the network,
- and, in the process, not operate any servers or relay systems via these network inputs without express permission from the GWDG;
- to observe the "Rules and Regulations Governing Interactions Among User of the Communication Services Provided by the German Research Network (DFN), Benutzungsordnung für das Zusammenwirken der Anwender der DFN-Kommunikationsdienste” whenever the use the GWDG's internet access;
(Hosting and Provision of Proprietary Services)
- to safely operate software and systems according to the state of the art when using the GWDG's hosting offerings (including both physical as well as virtual machines) or when availing oneself of the internet offerings and other services provided on GWDG systems, and to ensure compliance with statutory, legal and other regulations;
- upon request, in justified individual cases – particularly in the event of a justified suspicion of misuse and for the purpose of fault rectification – provide the GWDG's management with information about the programmes and implemented methods, and grant them access to the programmes for monitoring purposes as well as allow the GWDG's management to inspect the programmes;
- coordinate any processing of personal data with the GWDG. Above all, it is the user himself, as controller, who is responsible for protecting his data and programs on the systems of the computer centre. When processing personal data, he is obligated to employ suitable protective measures within the meaning of data protection laws, whilst being allowed to rely on the protective and precautionary measures provided by the GWDG (Article 6 (5)).
(3) Special reference is made to the following offences punishable under the German Criminal Code (StGB):
- Data espionage (Section 202a StGB)
- Phishing (Section 202b StGB)
- Acts preparatory to data espionage and phishing (Section 202c)
- Data tampering (Section 303a StGB) and Computer sabotage (Section 303b StGB)
- Computer fraud (Section 263a StGB)
- Distribution of pornography (Sections 184 ff. StGB), particularly distribution, acquisition and possession of child or juvenile pornographic materials (Section 184b, Section 184c StGB) and Distribution of pornographic performances by broadcasting, media services or telecommunications services (Section 184d StGB)
- Dissemination of propaganda material of unconstitutional organisations (Section 86 StGB) and Incitement to hatred (Section 130 StGB)
- Defamation such as libel or slander (Sections 185 ff. StGB)
- Criminal exploitation of copyrighted works, e.g. violation of software property rights (Sections 106 ff. of the German Copyright Act (UrhG)).
Article 5 Exclusion from Use
(1) Usage of IT resources by users may be temporarily or permanently limited or prohibited altogether, if they
- abuse or misuse the GWDG's IT resources to commit unlawful acts or
- cause harm to the assigned institution through other illegal user activities.
(2) Measures under subsection (1) of this Article should be taken if a prior remand fails to prevent the undesired behaviour. The affected person shall be given the opportunity to submit a rebuttal statement and may request the management of his institution to mediate. Under all circumstances, the opportunity for securing their data must be granted unless precluded by other legal regulations to the contrary. The GWDG must, without delay, inform the management of the respective institution holding access authorisation.
(3) Temporary usage restrictions decided on by the GWDG’s management shall be lifted as soon as proper usage appears to be assured once again.
(4) In the event of serious or repeated violations as defined under subsection 1 of this Article, permanent restrictions on use or complete exclusion of a user from further use shall be considered, also when proper behaviour is no longer to be expected in the future. Potential claims on the part of the GWDG resulting from the mutual agreement for use shall remain unaffected thereby.
(5) The ownership of data must be clearly defined between the user and institution holding access authorisation.
Article 6 The GWDG's Rights and Obligations
(1) The GWDG keeps a directory of all user authorisations which lists the information required on the application, additional voluntary user data as well as the names and descriptions derived thereform, such as e-mail addresses.
(2) Where necessary in order to rectify faults, for system administration and system expansion, or for the sake of system security and to protect user data, the GWDG can temporarily restrict usage of its resources or temporarily block individual User IDs. As far as possible, the affected users shall be informed of this in advance.
(3) If there is clear evidence that a user is keeping illegal content for use on the GWDG's servers, the GWDG can suspend further use until the legal situation has been satisfactorily resolved.
(4) The GWDG has the right to verify the security of system/user passwords and user data by regularly implementing manual or automated measures as well as the required protective measures, for example, by changing easy-to-guess passwords, in order to protect the IT resources and user data against unauthorised third-party claims. The user shall be notified without delay in the event of changes to user passwords, access rights to user data and the implementation of other usage-relevant protective measures.
(5) For the processing of personal data by the user, the GWDG has the appropriate protective measures in place that reflect the technical and organisational/administrative state-of-the-art options available to it and ensures that these measures are supported within the computer centre’s operation.
(6) Under the provisions stated below, the GWDG has the right to document and analyse each individual user's utilisation of the data processing systems, but only to the extent necessary to
- ensure that the systems run properly,
- allocate resources and administer the system,
- protect other users’ personal data,
- settle accounts,
- identify and troubleshoot faults as well as
- uncover and stop unlawful use, abuse or misuse.
Under these conditions and in compliance with data protection and criminal regulations, the GWDG also has the right to inspect the user's data to the extent necessary to eliminate current disruptions or to discover and stop any unlawful or criminal behaviour in the face of substantial evidence.
However, the inspection of messaging and e-mail accounts is only permissible to the extent that this is essential to rectify current faults in the e-mail messaging service. Under these circumstances, the GWDG’s data protection officer must be brought in.
In all cases, the inspection must be documented and the affected user notified without delay once the purpose has been achieved.
The aforementioned provisions also allow documentation of the traffic and user data generated during messaging traffic (especially e-mail usage) subject to compliance with the applicable statutory requirements. Notwithstanding the above, the immediate circumstances of the telecommunications, but not the non-public communication contents, may be collected, processed and used.
The traffic data and user data generated by online activities on the Internet and using other media services or telecommunications provided by the GWDG for usage or for which the GWDG mediates access to use, must be deleted as early as possible, at the latest directly at the end of the respective instance of use, unless invoicing data happen to be involved.
Under the provisions of the statutory regulations, the GWDG is obligated to maintain telecommunications secrecy and data confidentiality.
(7) Whenever users report to the GWDG that they have terminated their use, the GWDG shall inform the institution holding access authorisation about the termination of use.
(8( After invalidating the user permit (Article 4 (12)), the data stored under the User ID will be deleted.
Article 7 Liability of the User
(2) The user shall also be liable for damages resulting from third-party use within the scope of the user’s access and usage options provided to him, provided he is responsible for this third-party use, and particularly, if he has shared his User ID with third parties. In this case, the GWDG can demand a user fee for the third-party use from the user according to the provisions of the pay regulations.
(3) If any third parties assert claims against the GWDG for damage compensation, default or other claims resulting from the users’ activities that are illegal or punishable under criminal law, the user must release the GWDG from all claims resulting therefrom. The GWDG will file suit against user in the event that the third party litigates against the GWDG in court based on these claims.
Article 8 Liability of the GWDG
(1) The GWDG does not warrant, and hereby disclaims any warranties – either express or implied – that the IT systems will operate in an uninterrupted or error-free manner at all times. The potential loss of data resulting from technical malfunctions or the disclosure of confidential data resulting from unauthorised access by third parties cannot be excluded.
(2) The GWDG shall not be responsible for the accuracy of the software provided. Neither shall the GWDG be liable for content, particularly relating to the accuracy, completeness or up-to-date nature of the information and data; the GWDG merely mediates the access to use of said information and data.
(3) Otherwise the GWDG shall only be liable in the event of intent or gross negligence by its employees, unless there are significant obligations that have been culpably violated, where compliance therewith is of special importance for carrying out the purpose of the contract (cardinal obligations). In this case, the GWDG’s liability is limited to the typical damages that were foreseeable at the time when the mutual agreement for use was established, as long as no intentional or grossly negligent acts have been committed.
(4) Any public authority liability against the GWDG shall remain unaffected by the aforementioned policy.
Article 9 Economic Management of Services
(1) Rankings and Fees
The data processing projects will be classified into ranked groups; the classification will be based on the affiliation of the institutions with access authorisation conducting the projects. The ranking will be assigned according to the currently amended version of the “General Terms and Conditions, Allgemeine Geschäftsbedingungen (AGB)”.
(2) Allocation of Contingents
Every institution holding access authorisation shall receive contingents of operating equipment. The allocation of contingents is the proprietary domain of the institutions holding access authorisation. An organ of the GWDG (see partnership agreement) lays down the guidelines for the allocation of the contingents to the institutions with access authorisation. As part of this economic management, the users can prove the need for the operating equipment, provided that other users’ possibilities are not unreasonably affected thereby.