The english text is a service. Only the german text which can be looked thorough in the head offices´administration of the university of Stuttgart published in printed from in the official announcements of the university of Stuttgart (Nr. 179, 27.12.2006) legally is substantial and obligatory therefore.
User Regulations for Digital Information
Processing and Communication Equipment (IaC) at the University
Vom December 18, 2006
Due to § 8, Paragraph 5 and § 19, Paragraph 1 Clause 2, Nr. 10 and 28 of the state law on colleges and universities (Landeshochschulgesetz—LHG) from January 1, 2005 (page 1 of law gazette) last modified on December 19, 2005 (page 794 of law gazette amended 2006, page 15), the Senate of the University of Stuttgart adopted on December 13, 2006 the following user regulations for digital information processing and communication equipment (IaC) at the University of Stuttgart.
§ 1 Range of Application,
User Group and Supplementary Rules of Operation
(1) These user regulations apply to the IaC systems, consisting of data processing systems (computers), communication systems (networks), telecommunications systems and other digital information processing equipment including software and services, that are provided by the faculties, academic departments, e.g. institutes, and other institutions of the University of Stuttgart.
(2) The IaC systems, as stated in Paragraph 1, are made available to the members of the University of Stuttgart to fulfill their tasks in research, teaching, studies, administration, education and training, public relations and representation, international cooperation, knowledge and technology transfer and for other tasks as described in § 2 of the LHG. Use of the IaC systems of the University of Stuttgart that fall under agreements according to § 6 of the LHG or other cooperation agreements can be granted to users within the scope of and in accordance with these agreements. The use of these systems by other persons and institutions may be allowed in accordance with the conditions stated in § 28, Paragraph 1, Clause 3 of the LHG.
(3) The use of IaC systems
for private purposes is not allowed. The use of IaC systems shall
remain unaffected in cases where secondary employment and the use
of employer resources, personal or material, have been approved
by the appropriate person responsible at the University of Stuttgart;
the relevant stipulations apply here. Private telephone calls made
using University of Stuttgart equipment shall also remain unaffected
in urgent cases in accordance with the relevant regulations that
apply in each case (office telephone directives issued by the Ministry
of Finance and University of Stuttgart memoranda, circulars and
(4) Members and institutes of the University of Stuttgart can be charged an appropriate fee, even in cases not contained in Paragraph 3, Clauses 2 and 3, for the use of IaC systems with approval of the university president’s office (Rektorat). For use of IaC systems by other post-secondary institutions or rather members of other post-secondary institutions, the standard commercial fee can be levied; with other third parties, commensurate fees must be charged. Details relating to the mandatory payment for use of IaC systems result from § 8 of these user regulations and are, moreover, regulated by the appropriately responsible organizational unit of the University of Stuttgart (faculty, institute or organization) in the official fee structure or otherwise agreed upon with the users. The user regulations as well as the official fee structure are to be made available to all users.
(5) To guarantee an orderly operation of the IaC systems, the director of each university institute can issue further regulations on affairs dealing with day-to-day operations (operational regulations). The data processing security department is to be consulted regarding regulations pertaining to IaC systems. The following regulations also apply accordingly: the administration and user regulations of each university organization (e.g. institute regulations) as well as, if applicable, existing internal regulations and network regulations in accordance with § 3, Paragraph 2, Item 5 of the administration regulations of the computing centre of the University of Stuttgart. The regulations of this Paragraph are to be made available to all users.
§ 2 User Rights and Licenses
(1) Whoever requests to use IaC systems according to § 1 requires a formal user license from the responsible system operator. Services that are installed for anonymous access are excluded from this rule.
(2) The user license can include the right to introduce external systems into the University’s IaC system. External systems include those that are not mandated to be listed in the administration regulations of the University of Stuttgart’s computing centre under § 3, Paragraph 2, Item 12.
(3) The system operator is the University of Stuttgart’s computing centre within the scope of its tasks and jurisdiction or each responsible organizational unit of the University (faculty, institute, other organization).
(4) The application for a formal user license should contain the following information:
a) system operator who is being applied to,
b) systems or services which are being applied for,
c) applicant: name, contact details, status - students are to include their student number - and if applicable the affiliation to an organizational unit or another service recipient other than the applicant (client),
d) information about the purpose of use, especially when personal data is handled through a process set up by the applicant, and
e) acceptance of the rules of these user regulations as well as the supplementary regulations according to § 1, Paragraphs 4 and 5 as a basis for the user relationship.
information may only be obtained if the information is necessary
to decide the application (§ 13 LDSG). No later than 6 months
after the applied use has been terminated are the personal data
contained in the application to be made anonymous or deleted (§ 23
LDSG), unless sector-specific storage regulations require a longer
term of storage.
(5) The decision on the application is made by the system operator. The operator may make the issuing of the user license dependent on proof of knowledge of the operation of the IaC systems applied for.
(6) The user license for students can be issued by the Office of Student Affairs (Studiensekretariat) in conjunction with university admission or registration at the University of Stuttgart.
(7) The user license is non-transferable.
(8) To guarantee an orderly and low-disturbance operation, the user license may be issued with a limitation on computing and online time as well as with other use-related conditions and sanctions. The user license is only valid for projects and purposes that are related to the use applied for and can be issued for a limited period of time.
(9) The user license can be totally
or in part denied, revoked or retroactively restricted, especially
a) the application is not complete or the information provided is not or no longer correct, or
b) the prerequisites for an orderly operation of the IaC systems are not or no longer given, or
c) the person issued the user license has been excluded from use according to § 4, or
d) security measures against attacks on IaC systems or against damage to IaC systems are necessary, or
e) the present IaC systems are unsuitable for the use applied for or such systems are reserved for other purposes, or
f) the capacity of resources applied for is not sufficient for the planned use due to the fact that the system is already operating at full capacity, or
g) the use of certain requirements for the protection of privacy must be adequate and no essential reason for the planned use is apparent, or
h) it can be expected that the applied use would unreasonably compromise other legitimate projects, or
i) the planned project of the user is not consistent with the tasks of the university or the licensing purposes, or
j) the export conditions of manufacturer countries denies the access or use of computers or programs by members of certain states, or
k) a bill of charges derived from obligatory user fees has not been paid on time.
(10) The user license expires
a) upon cancellation by the user, or
b) upon expiry of a license issued for a limited period of time, or
c) upon non-compliance with the conditions and/or requirements linked with the user license, or
d) upon change of user status, or
e) upon revocation, or
f) upon retirement from the University, unless no other stipulations are in place.
§ 3 User Rights and Responsibilities
(1) User-licensed persons (users) have the right to use the IaC systems within the scope of their license and in compliance with these user regulations. In addition, the regulations stipulated in § 1, Paragraphs 4 and 5 apply accordingly. Furthermore, in dealings with other operators, their supplementary user and access regulations are also in effect as long as they do not contradict these present user regulations. Any use deviating from these regulations requires a special permit.
(2) Users are required
a) to adhere to these user regulations as well as to keep within the limitations of their user license, especially with regards to purpose of use,
b) to cooperate in an appropriate and orderly way when using IaC systems, in particular to refrain from any activity that would interfere with the orderly operation of their own or other IaC systems,
c) to treat all IaC systems and other equipment with care and respect,
d) to use the available resources and materials e.g., workplaces, computer resources, line capacities and bandwidth, responsibly and efficiently,
e) to use only the user rights assigned to the user,
f) to ensure that unauthorized persons do not gain access to IaC systems using their user license; to take care that no other persons gain knowledge of authentication keys, e.g., password, PIN, private key,
g) to refrain from determining or publishing other authentication keys,
h) to refrain from unauthorized access to information of other users and not to pass on, utilize or modify disclosed information of other users,
i) to adhere to legal regulations, in particular copyright and trademark protection laws, when using software and information services, documentation and other data and to comply with applicable licensing conditions when software and documentation is provided,
j) to refrain from copying or distributing software, documentation and data or using them for unauthorized purposes, unless explicitly allowed,
k) to obey instructions of personnel in the rooms of the system operator and to observe any present house rules or other user regulations,
l) to present user license and identification upon demand,
m) to refrain from using IaC systems without authentification, unless anonymous use is permitted,
n) to refrain from modifications of the IaC systems without explicit consent of the system operator,
o) to ensure that private systems are not introduced into the the IaC infrastructure of the University of Stuttgart,
p) to provide information in justified individual cases, in particular cases of justified suspicion of abuse, about the appropriate and orderly use of IaC systems to the system operator upon demand,
q) to coordinate the processing of personal data with the system operator and designated representative from the protection of privacy authorities as defined by § 2, Paragraph 4 (d) irrespective of the user’s own legal duties to data privacy and to take data protection and data security measures implemented by the system operator into consideration,
r) to secure their data and programs in such a way that damages through loss during processing do not arise,
s) to disclose to the system operator changes in name, contact details and status as well as retirement from the University.
external systems are introduced into the IaC system of the University
as a result of a user’s user license, the user is responsible
for ensuring that the system will be operated according to the
current state of technology such that no technical hazard is assumed
(e.g. up-to-date virus scanner, local firewall).
(4) Users are to use the IaC systems in such a way that legal regulations in force are not violated. In particular the following legal infractions are to be noted:
a) data spying (§ 202a StGB),
b) data modification (§ 303a StGB) and computer sabotage (§ 303b StGB),
c) computer fraud (§ 263a StGB),
d) distribution of pornographic images (§ 184 StGB), in particular the distribution, acquisition and possession of child pornography (§ 184b StGB),
e) distribution of propaganda from anti-constitutional organizations (§ 86 StGB) and incitement of the people (§ 130 StGB),
f) defamation including libel and slander (§§ 185 ff. StGB),
g) infringement of telecommunication secrecy (§ 206 StGB),
h) criminal copyright infringements e.g., by anti-copyright duplication of software or other protected products (§§ 2, 15 ff., 97 ff UrhG),
i) unauthorized actions, for example that damage the reputation and prestige of the University of Stuttgart (§§ 823 ff. BGB),
j) trademark infringement (§§ 14 ff. MarkenG).
(5) If, within the scope of the user license, websites of a third party are hosted, it is not permissible to set them up in such a way that they appear as websites of the University of Stuttgart. Users are required to adhere to the legal regulations relating to an Internet presence.
(6) Should there be evidence that a user is operating a website with unlawful content or links to unlawful content, the user must upon notice from the system operator remove or disable the content immediately until the legal situation is definitively clarified. The right of the system operator to prevent the use or the calling up of such content in accordance with § 5 Paragraph 3 shall remain unaffected.
§ 4 Exclusion from Use
(1) Users can be temporarily or permanently restricted and/or excluded from using IaC systems if
a) they violate rules of these user regulations, in particular those duties stated in § 3 or
b) abuse the IaC systems for criminal acts or
c) cause losses to the university through criminal user behavior.
(2) Measures according
to Paragraph 1 should only be taken after an unsuccessful warning
has occurred. The user concerned should be given an opportunity
to make a statement on his own behalf. Data legally entitled to
the user should be relinquished to him upon demand.
(3) Temporary user restrictions, which are decided on by the system operator, are to be lifted as soon as proper use appears to be guaranteed again.
(4) A permanent user restriction or the complete exclusion of a user can only be considered when very grave or repeated violations occur as defined in Paragraph 1 and when behavior in accordance with regulations cannot be expected anymore in the future. The decision to permanently exclude a user is made by the president (Rektor) by official notification upon request of the director of the university institute in question. Possible claims by the university derived from the user relationship shall remain unaffected. The user is not entitled to any damage claims whatsoever resulting from the exclusion.
§ 5 Rights and Duties of the System Operator
(1) For operational reasons
the system operator can temporarily restrict the use of resources
or temporarily block individual user logins. If possible, the users
concerned should be informed in advance of such measures.
(2) The system operator is permitted to shut down particular services completely or at times also definitively.
(3) If, in fact, there is
evidence that a user is saving, keeping or calling up criminal
content on the IaC systems of the system operator, then the system
operator can deny use until the legal situation has been sufficiently
clarified. The user should as a rule be informed of the measures
taken by the system operator.
(4) The system operator is authorized to routinely check the security of authentication keys and user data by way of manual or automatic procedures and to execute necessary prevention measures in order to protect the IaC systems and user data from unauthorized access from third parties. The user is to be immediately informed about measures that have been taken that restrict his or her use of the systems.
(5) The system operator is authorized, according to the measures in the following regulations, to document and evaluate the individual use of IaC systems, however only so far as necessary
a) to guarantee proper system operation,
b) to plan resources and administrate the system,
c) to protect personal data,
d) for billing purposes,
e) to recognize and remove malfunctions as well as
f) to identify and prevent criminal or abusive use
(6) In accordance with the requirements of Paragraph 5 the system operator is also authorized, in adherence to data privacy provisions, to access user files, if this is necessary to remove current malfunctions or to identify and prevent abuse, if factual clues can be presented. To identify and prevent abuse, joint access by at least two responsible persons is necessary. Access to the news and e-mail folders is only allowed if it is essential for the removal of current malfunctions in news services. Access procedures are to be documented. The concerned user is to be informed immediately upon fulfillment of purpose.
(7) In accordance with the requirements of Paragraph 5 and in adherence to protection of privacy legislation, the connection and usage data in news traffic, in particular mail usage, may be documented. However, only the pertinent circumstances of the telecommunication itself, but not the non-public communication contents, may be collected, processed and used.
(8)The documented access of the IaC systems in accordance with Paragraphs 5 and 7 may only be processed under the terms of Paragraph 5 for logging purposes and is to be immediately deleted after the necessity for further storage is no longer given. The person-related protocols and deletion times as well as the responsibilities for execution of deletion are to be documented.
(9) If substantial suspicion of criminal activity should arise, then the system operator is authorized to undertake measures to secure evidence. The university explicitly reserves the right to initiate criminal prosecution as well as legal actions under civil law.
(10) The transmission of person-related protocol data to third parties requires the permission of the university provost (Kanzler).
(11) Pursuant to legal regulations, the system operator is obligated to observe telecommunication and data privacy protections. When processing personal data the system operator is obligated to adhere to legal data protection requirements.
(12) The system operator is obligated not to process or rather to process as little personal data as possible.
(13) As provider of telecommunications
services or teleservices, the system operator must respect the
regulations of the telecommunications law relating to secrecy of
telecommunications, protection of privacy and public security and
the appropriate regulations of the applicable version of the teleservices
law and protection of privacy for teleservices.
(14) In interaction with other operators, the system operator is obligated to comply with their supplementary user and access regulations, unless they conflict with these user regulations.
(15) When deleting the user license, the system operator is authorized to delete the data that was applied for by the user and which was accessible under the user license.
§ 6 User Liability
(1) The user is liable for all
damages to the university caused by abusive or criminal use of
the IaC systems or caused by the user’s failure to comply
with the duties in these user regulations.
(2) The user is also liable for damages that are caused by the use of his access and user privileges through third parties, if he is at fault for the use by third parties, in particular when the user has offered his login to third parties. In this case the university can demand a user fee from the user for third party use in accordance with the official fee structure.
(3) The user must release the university from all liabilities, if third parties make claims of compensation, neglect or any other types of claims due to abusive or criminal actions of the user. The university can commence with litigation if third parties take legal action against the university.
§ 7 University Liability
(1) The university does not guarantee
the fault-free and uninterrupted operation of the IaC systems as
well as the integrity of results. Possible data loss as well as
the acquisition of confidential data by the unauthorized access
of third parties cannot be excluded. The university assumes no
responsibility particularly for the loss of data that are deleted
on account of § 5 Paragraph 15.
(2) The university assumes no responsibility for the integrity of programs and data provided. The university is also not liable for the content, in particular the integrity, totality and current status of programs and data to which the university only provides access.
(3) In addition, the university is only liable for the deliberate and grossly negligent actions of its staff, unless a culpable breach of basic duties has taken place. In this case the liability of the university is limited to the typical damages that are foreseeable in the definition of the user relationship unless deliberate or grossly negligent actions have taken place.
(4) Possible official liability claims against the university shall remain unaffected by these regulations.
§ 8 Fee Structure for the Use of IaC Infrastructure and IaC Services
(1) For the use of IaC infrastructure and services of the University of Stuttgart, the following fees will be charged for different user groups:
members and institutes of the University of Stuttgart for university purposes
free of charge, if applicable reimbursement of out-of-pocket expenses according to Paragraph 2 or a fee within the scope of § 1, Paragraph 4, Clause 1
employees of the University of Stuttgart within the scope of approved secondary employment or authorized private communication in accordance with § 1, Paragraph 3
fee according to relevant provisions and regulations
members and institutes of other public post-secondary institutions in Baden-Württemberg for university purposes
fee according to official fee structure or agreement; unless free of charge or through reimbursement of out-of-pocket expenses
members and institutes of public post-secondary institutions at the federal level or of other federal states for university purposes
fee according to official fee structure or agreement; unless free of charge or through reimbursement of out-of-pocket expenses
standard commercial fee
(2) In those cases where the use is free of charge, a claim for reimbursement of out-of-pocket expenses can be made. Out-out-pocket expenses include expenses that the system operator submits to a third party or other location or charges with them in order to carry out the IaC services. Particular costs that arise from the execution of individual tasks will be calculated separately and will be charged as reimbursement of out-of-pocket expenses. Particular costs include those that differ in their type and level from the expenses that normally accrue for the use of IaC systems and are attributable to the respective user.
(3) The standard commercial fees are geared to the prices of commercial enterprises for comparable services; they should cover all costs.
(4) If users are committed to a quid
pro quo to a third party on account of a transfer of third-party
funds and the use of IaC infrastructure of the University of
Stuttgart is thereby necessary, the expenses are to be claimed
from the third party in the form of a fee, which the third party
would have paid, were it to submit itself a request for the use
or service. Clause 1 applies accordingly if user and service
recipient (client) are not identical for the use of IaC infrastructure
of the University of Stuttgart.
(5) In those cases where these user regulations do not apply, the fee and the fee calculation are to be based on the official fee structure as defined by § 1, Paragraph 4, Clause 3 or the applicable agreement. In those cases where the official fee structure or agreement does not apply, the fee calculation is to be based on the applicable version of the general administrative regulation relating to assessment of costs (VwV-assessment of costs) issued by the Ministry of Finance. The office of the university president (Rektorat) can authorize exceptions to the fee calculation.
(6) In those cases where the University of Stuttgart has agreed, through agreements according to § 6 of the state law on colleges and universities (LHG) or other cooperation agreements, to a fee for the use of IaC infrastructure or services of the University of Stuttgart that deviates from Paragraph 1, the fee and the fee calculation are to be based on the provisions of these agreements.
(7) The obligation to pay the fee arises at the moment the systems and services are first used. The fee is due on receipt of the invoice and is to be paid within a period of time that is to be determined.
§ 9 Entry into Force
These user regulations take effect on January 1, 2007. At the same time, the Administration and User Regulations for Digital Information Processing and Communication Equipment (IaC) at the University of Stuttgart from January 28, 2002 (University of Stuttgart Bulletin No. 83 dated February 8, 2002) expire.
Stuttgart, December 18, 2006
Prof. Dr.-Ing. Wolfram Ressel