Technical University of Munich

User Agreement for myTUM Users (Students and Employees)

Please note: This is a translation of the original version of the user agreement. It is only for your convenience. Be advised that solely the German version of this agreement is legally binding.

The following guidelines regulate the conditions under which the services provided by WWW & Online Services (WOS) of the Technical University Munich may be used.

These guidelines set basic rules for the operation of the webservices of the TU Munich. point out the justified rights of third parties (for example software licenses, regulations of the network operator, aspects of data security). demand from the user an orderly conduct and an economic use of the resources provided. inform on possible sanctions against breaches of the user-agreement

The user guidelines apply to the Zope-mainserver operated by the WWW & Online Services, the Zope@TUM e-mail services and all servers connected to the Zope@TUM mainserver for data exchange, as far as they are not governed by own regulations.

Access Authorization

A valid access is granted by the assignment of an initial user-ID and password. These are normally sent with the 'Immatrikulationsbescheinigung' or handed on employment. The access becomes invalid at the Exmatrikulation or the end of employment. The content of the mailbox and other user information are kept for another 3 months after the expiry of the authorization. Limited services are then still available as an 'Alumnus' with the mytum.de username.

System Operator

The WWW & Online Services of the TUM (WOS) is the system operator. Various services are delegated to the Leibniz-Rechenzentrum (LRZ).

User Terms

The myTUM system may only be used for matters related to the study or work at the TU Munich. A use for other, especially commercial purposes, is not acceptable. Exceptions can only be granted on formal requests with a separate written agreement and in exchange for an appropriate fee.

The user is required to a responsible use of the resources provided (storage use, load on the servers). Any actions which may lead to a disruption of the normal operation are forbidden. This includes especially actions leading to damage on the IV-infrastructure or the disruption of other users. Any action contrary to this point may lead to claims for damages.

The user is denied any abuse of the IV-infrastructure. Users are particularly asked to work exclusively on the user account assigned to them. The password is to be kept strictly secret. to choose appropriate passwords (hard to guess and complex) and change them on a regular basis. The logout is also important.

The user is obliged

• not to use their accounts for sending unsolicited mail (spam) or unlawful content.
• not to allow third parties access to their account. Users are responsible for all actions on their accounts, even if performed by third parties that have gained access through the user's unsafe use of the account.
• to respect the current law and copyright regulations when storing data in the system. Data from the system may only be copied or passed on with explicit permission. Data may not be used for any other purpose than intended by the publisher/owner. This applies especially to unauthorized commercial use.

Failure to comply with the rules laid out above may lead to claims of damage.

The IV-infrastructure is only to be used according to current law. The following actions are illegal according to the 'Strafgesetzbuch':

• acquisition of passwords, gaining unauthorized access to data (§202 a StGB)
• unauthorized alteration, deletion, hiding or destruction of data (§303 a StGB)
• computer-sabotage (§303 b StGB) and computer fraud (§263 StGB)
• spreading propaganda material of unconstitutional organizations (§86 StGB) or racist content (§131 StGB)
• spreading certain forms of pornography (§184 Abs. 3 StGB)
• access or possession of child pornography (§184 Abs. 5 StGB)
• offensive or slanderous statements (§185 ff StGB)

The system operator may under certain circumstances decide to pursue legal action against users. Further information on this below.

Users are not allowed to acknowledge and/or use messages intended for another user. If a user finds illegal content in the system or cannot access information intended for use by him, the system administration must be informed immediately.

Data Security

Other than the data provided by the TU, person-related data may only be put into the system with the permission from the system administration and the person in question. This does not overrule the implications of the data protection law or the internal rules for data privacy. If a user has author-access to the system, all alterations are recorded in a way that they can be traced to the author. For example, if a user posts on one of the message boards, his real name is displayed to avoid misuse.

Tasks, Rights And Responsibilities Of The System Operators

All systems connected to Zope@TUM use the central LDAP server operated by the LRZ to verify access authorization. Once further access rights are granted, the change is documented. These documents are to be kept for two more years after expiry of the authorization.

The system operator uses appropriate means to prevent or detect abuse.

This gives the operator to the following rights:

• The activities of users may be documented and analyzed, if it happens for the purpose of resource management, monitoring system operation or the pursuit of breaches of the user agreement or the law.
• On suspicion of breaches of the user agreement or the law, the mailbox and stored data may be inspected. Detailed documentation of network traffic through specialized software is also possible. These acts are subject to the four-eye-principle and require documentation.
• On founded suspicion, evidence may be secured using further means, like keystroke logging or network sniffer.

The system operator is required to ensure the privacy of the user. The system operator provides contact information on the contact persons for user relations. For traffic to other systems, the system operator is required to ensure accordance to applying usage and access regulations.

Liabilities And Non-Liabilities Of The System Operator

The system operator does not provide any guarantee that the system will fulfill the special needs of users. There is also no guarantee for a disruption-free and uninterrupted service of the system. The system operator cannot guarantee for the security (regarding manipulation, loss) and privacy of data stored in its system.

The system operator is not liable for damages of any kind caused by the use of myTUM. Except from this is intentional action on part of the system operator or persons providing system-related services to the operator.

The system operator does not provide data backups. Backups are in the responsibility of the single user. In case of destruction or loss of data it is the user's responsibility to restore lost data. Regarding this, the system operator is not liable.

Misconduct And Illegal Usage

In case of breaches of this user agreement, especially regarding the terms of usage, or illegal actions, the system operator can partially restrict or deny further access. The damage caused by the misconduct is not relevant.

On significant or repeated misconduct the user may be permanently banned from using the Zope@TUM system.

Breaches of the law or the user agreement may lead to criminal or civil charges. Significant cases of misconduct will be relayed to the appropriate legal department for further process. The system operator may then decide to take legal steps to pursue criminal charges or civil claims.

Costs caused to the TU Munich in the pursuit misconduct or caused by breaches of the user agreement are to be paid in full by the party responsible.

Further Regulations

For the usage of certain services over Zope@TUM fees can be demanded. For users with special authorization differing terms can be applied. These will be announced to the users in question.

Complaints are to be directed to WWW & Online Services.

Final Clause

Any changes, additions, partial or total revocation of this user agreement are to be kept in writing, including the change or revocation of this clause.

If parts of this user agreement should be or become ineffective, the rest of the agreement stays in effect.

Area of jurisdiction for all legal claims arising from the usage relationship is Munich.

Munich, the 20.1.2004

contact: www & online services