<a href="/fi/it-kayttosaannot">Terms of use of IT services in Finnish</a>

The Terms of Use apply to and bind all members of the higher education community of Tampere that comprises the University of Tampere and Tampere University of Applied Sciences (hereinafter “University”), the users of IT Services and systems of these higher education institutions and their various units.

1.1	To whom do these Terms of Use apply?

The terms of use apply to

<ul>
	<li>all hardware and devices of the University</li>
	<li>all University IT services and their use</li>
	<li>all the services and licences that have been made available or are licensed through the University</li>
</ul>

1.1	To which services are these Terms of Use applied?

In addition to these Terms of Use, the following norms must be complied with:

<ul>
	<li>legislation in force in Finland at each time</li>
	<li>the Information Security and Data Protection Policies of the University and any other policies that are applied to the use of the services</li>
	<li>any general and service-specific terms and conditions and rules that complement these Terms of Use</li>
</ul>

1.2	Other norms applied to usage

1	Scope

If a service is public and available for use on the Internet, all Internet users are authorised to use it. Other services are intended for a limited user group, and a duly granted user identification and authorisation is required in order to use them.

Authorisation means the right to use a certain IT service. The term “user right” is often used when talking about authorisation.

An authorisation can be granted for a fixed-term period.

An authorisation is personal.

The scope of an authorisation depends on the position and role of the user at the University.

A person can have several roles at a given time.

2.1	What is an authorisation?

An authorisation is granted based on a University role that necessitates it. Such roles include

<ul>
	<li>studies</li>
	<li>employment</li>
	<li>a certain position or role at the University</li>
	<li>another type of connection to the University requiring authorisation (e.g. a contractual relationship)</li>
</ul>

2.2	On which grounds is authorisation granted?

It is possible to restrict a user’s authorisation if there is a good reason to suspect that compromised information security or abuse is taking place.

2.3	Restricted authorisation

Authorisation begins when the criteria for obtaining authorisation are fulfilled and a username has been created and activated accordingly. A username is created three days before the beginning of an employment relationship.

2.4	Beginning of authorisation

The authorisation ends when its criteria no longer exist, i.e. when

<ul>
	<li>studies end</li>
	<li>employment ends</li>
	<li>the person’s role changes, and the new role does not make them eligible for authorisation to use IT Services</li>
	<li>there is some other type of relationship with the University, which has offered grounds for authorisation ends, or</li>
	<li>an authorisation granted for a fixed term expires</li>
</ul>

The username of employees expires seven (7) days after the expiry of the authorisation

The username of studensts expires fourteen (14) days after the expiry of the authorisation

2.5	Expiry of authorisation

The user must store any personal information they will need before their username for the service expires. A user who is a member of staff or who is in a role considered equal to a member of staff must agree with his/her supervisor on the person to whom he/she will delegate all the information relevant to his/her responsibilities. The same applies to such cases as a student who has worked as part of a research group.

All users must uninstall any software based on employee or student licences from their home computers when their employment or study right ends.

The time of deletion of the home indexes and mailboxes starts to run after the seven-day period recorded in section 2.5. After the seven-day or fourteen-day period, the account is closed for 92 days, during which time no e-mails are received and the home indexes are not available. After 92 days, the account is deleted.

More detailed actions by the University after the termination of the authorisation are determined in the service descriptions.

2.6	The responsibilities of a user in the event of the expiry of an authorisation

2	Authorisation

The username is used to identify and authenticate a user.

In order to carry out authorisation, each user must have an identifier with which they can be identified in the IT services that require authorisation.

3.1	What is a username and why is one needed?

A username is granted to everyone who is authorised to use one of the University’s IT services requiring identification.

Compliance with these Terms of Use of IT Services is a prerequisite for receiving a username.

3.2	Who is entitled to a username?

A user bears liability for damages and criminal responsibility for any harm or damage resulting from the use of the username. The responsibility also applies to situations where the username is used by a party that received the necessary information and tools from the user, whether on purpose or by negligence.

3.3	User responsibility

It is prohibited to disclose one’s username to another person or to use someone else’s username.

3.4	Prohibition of disclosure and usage

A defined group of users may be granted a joint username, a group ID, which features the usage authorisations of the group members. Group IDs are used for the specific purpose they are granted for and they are valid for a fixed term.

3.5	Group ID

Each group ID user is responsible for his/her actions when using the ID.

3.6	Responsibility for a group ID

The group ID applicant is responsible for disclosing the ID to users and providing instructions for its use.

Reception of a group ID means that the user agrees to comply with these Terms of Use.

3.7	Responsibility for disclosing the group ID.

3	Username

IT Services of the University are designed as a tool for work related to the user’s studies, teaching, research or other tasks at the University.

4.1	Primary purposes of use

Commercial use is only permitted for purposes that have been approved by the University.

4.2	Commercial use

It is only permitted to use the services for election campaigns or other political activities in connection with student elections, and activities of student organisations connected to the work of the Student Unions and student groups or trade union actions or similar that are connected to the operations of the University.

4.3	Political use

Small-scale private use is allowed Small-scale private use refers to such actions as private e-mail conversations and online service use. However, it is prohibited for private use that

<ul>
	<li>disrupts other use of the service, or</li>
	<li>is in conflict with the Terms of Use and the guidelines provided.</li>
</ul>

4.4	Private use

Storing, publishing, transmitting or distributing material that is unlawful or against good practice is prohibited.

Use for agitation of all types is prohibited.

Usage authorisations must never be used for any illegal or forbidden activities, such as searching for vulnerabilities in information security, unauthorised decryption of data, copying or modifying network communications, or unauthorised access to IT systems or preparations thereof.

Parts and features of IT systems that are not clearly made available for public use must not be used. Such parts and features include tools intended for administration or functions that have been disabled in the system settings.

Unnecessary usage and loading of resources are prohibited.

4.5	Prohibited purposes of use

As a principle rule, all materials of employees and those in similar roles stored on University devices and services belong to the University.  This does not, however, reflect the status of intellectual property rights (IPR). Staff members must clearly indicate their private materials as private and separate from work-related ones.

All materials that are in students’ possession are deemed to be private.

4.6	Privacy policy

A report must be made immediately if a breach of information security or data protection is detected or suspected. The report must be submitted to: tietoturva [at] tuni.fi.

4.7	Reporting duty

Everyone is obliged to maintain the secrecy of any confidential information that they become aware of.

4.8	Secrecy

Phishing, abuse, copying and distribution of other users' private information is forbidden.

4.9	Prohibition of phishing

Each user is under an obligation to keep their username and the connected password safe and use it in such a manner that they do not come to anyone else’s knowledge. You must never disclose your password to anyone.

It is prohibited to use the passwords used in the University services for any other service.

4.10	Safe storage and use of passwords

The University is entitled to restrict or revoke the right to use its IT services as a precaution.

4.11	Restrictions on the use of IT services.

Services may not be provided using the University’s network without the University’s permission.

4.12	Providing IT services

The University can place restrictions on the possibility to connect devices to the University communications network.

4.13	Connecting devices to a communications network.

4	Rights and responsibilities of users of IT Services

Everyone who processes data at the University must understand the principles laid down in the Information Security Policy of the University for the recognition of the different types of data and supplementary instructions, and to comply with these.

5.1	Recognition of the type of data

Each person who processes information at the University or on behalf of the University must act in the manner required by the type of data and in compliance with legislation, contracts and the instructions provided.

5.2	Appropriate processing of data

Everyone who processes personal data at the University must understand the principles laid down in the Information Security Policy of the University and the supplementary instructions, and to comply with these.

The processing and storage of special categories of personal data is only permitted in services that are instructed to be used for this purpose.

5.3	Appropriate processing of personal data

5	Identification and appropriate processing of data

These Terms of Use will be valid as of 1 January 2019.

6.1	Coming into force

These Terms of Use will be revised if and when needed, so that they correspond with the valid services and legislation.

Substantial changes will be processed in a cooperation procedure.

The IT Administration will make decisions on the need for changes.

Information on the changes will be provided via the normal channels of communication, and not personally.

6.2	Managing changes

Permission for exceptions from the Terms of Use can be granted for compelling reasons upon written application.

Permits for exceptions are granted by the IT Administration.

The permit may include additional terms and conditions, restrictions and responsibilities.

6.3	Exceptions from the Terms of Use

The responsibility for the supervision of the Terms of Use is determined in the Information Security and Data Protection Policies of the University.

The Policy on Consequences of Breaches of IT Security will be applied to the breaches.

Terms of Use of IT Services

1 Scope

1.1 To whom do these Terms of Use apply?

1.1 To which services are these Terms of Use applied?

1.2 Other norms applied to usage

2 Authorisation

2.1 What is an authorisation?

2.2 On which grounds is authorisation granted?

2.3 Restricted authorisation

2.4 Beginning of authorisation

2.5 Expiry of authorisation

2.6 The responsibilities of a user in the event of the expiry of an authorisation

3 Username

3.1 What is a username and why is one needed?

3.2 Who is entitled to a username?

3.3 User responsibility

3.4 Prohibition of disclosure and usage

3.5 Group ID

3.6 Responsibility for a group ID

3.7 Responsibility for disclosing the group ID.

4 Rights and responsibilities of users of IT Services

4.1 Primary purposes of use

4.2 Commercial use

4.3 Political use

4.4 Private use

4.5 Prohibited purposes of use

4.6 Privacy policy

4.7 Reporting duty

4.8 Secrecy

4.9 Prohibition of phishing

4.10 Safe storage and use of passwords

4.11 Restrictions on the use of IT services.

4.12 Providing IT services

4.13 Connecting devices to a communications network.

5 Identification and appropriate processing of data

5.1 Recognition of the type of data

5.2 Appropriate processing of data

5.3 Appropriate processing of personal data

6 Other provisions

6.1 Coming into force

6.2 Managing changes

6.3 Exceptions from the Terms of Use

6.4 Supervision