Terms of use and data privacy statement for SecureMail at TU Dresden
Important notes:
- All messages sent to the external user of the system are digitally signed – please pay attention!
- All messages are sent in their entirety to the user and will NOT be saved on the system!
- If access data to the system is lost, there is NO possibility of decrypting encrypted messages. Make sure you take appropriate measures!
Scope
The present terms of use and data privacy statement (hereinafter referred to as NBDSecureMail) govern the relationship between external user of SecureMail (hereinafter called the user) and TU Dresden in the use of the SecureMail service of TU Dresden (hereinafter referred to as SecureMail). These regulations apply to both private and business use. The user accepts these conditions with every use of SecureMail and, in particular, by registering on the system.
Contract on SecureMail services, duration, termination
(1) Any use of the SecureMail service of TU Dresden is voluntary and free of charge. The use of the SecureMail service requires registration. The necessary details are listed in full in the description of the service SecureMail at Technische Universität Dresden. The user is obligated to make complete and truthful statements during the registration and other acts of use as well as to keep all data correct and up-to-date. Access to the SecureMail service is via https://securemail.tu-dresden.de. There is no legal entitlement to the use of the SecureMail service.
(2) As a rule, TU Dresden provides the contractual services itself. However, TU Dresden is entitled to have these or parts of the contractually agreed services provided by a third party.
(3) The contract is concluded for an unlimited period of time. Both TU Dresden and the user are entitled to terminate the contractual relationship for the use of SecureMail at any time in written form without stating any reasons. The aforementioned right of termination applies to TU Dresden with one month´s notice. The user´s contract is terminated under the e-mail address specified in the registration.
(4) TU Dresden may terminate the contractual relationship without notice if there is a compelling reason to do so; in particular, if the user violates contractual duties or violates statutory obligations in such a way that TU Dresden can no longer be expected to maintain the contract. In this case, a new registration by the user is only permitted with the explicit consent of TU Dresden. The user´s right to terminate the contract for important reasons shall remain unaffected.
(5) TU Dresden is also entitled to block the user´s access to SecureMail without notification and without compensation if the users violate the present NBDSecureMail or if the general security of the system is no longer guaranteed. The users can have their access to SecureMail deleted at any time by sending a message to the Service Desk of TU Dresden via TU Dresden´s SecureMail portal. In this case, the contractual relationship shall be considered terminated.
(6) Using SecureMail will no longer be possible after the termination of contract. It should be noted in particular that encrypted messages can no longer be decrypted after termination of the contract.
Service description
The currently valid description of the SecureMail service is available at SecureMail at Technische Universität Dresden
Availability of the SecureMail service
(1) The operation and troubleshooting are carried out according to the "best effort" principle, i.e. a trouble-free operation or a rapid elimination of errors is intended. However, a high availability or a pre-defined timeframe for troubleshooting cannot be ensured. This applies in particular to the content and transmissions beyond the sphere of influence of TU Dresden. In order to perform technical improvements, maintenance or updates, TU Dresden is entitled to temporarily interrupt access to SecureMail. Claims resulting from this interruption cannot be derived.
(2) If users send time-limited messages via SecureMail, they have to make sure that the deadlines can still be met even in the event of a system interruption.
Duties of care, data protection duties and liability
(1) Users are responsible for the careful storage of their access data. In particular, users have to keep their user names and passwords separated from each other and to protect them and the used devices from misuse by third parties. Under no circumstances, TU Dresden will ask users to provide their passwords.
If user name, password and other data specified during the registration (reply to security questions or mobile phone number) are lost, there is no possibility of accessing encrypted messages.
(2) If third parties have access to the users´ accounts, the users must allow all actions carried out by third parties to be charged as their own. If the users have reason to believe that an unauthorised third party has access to the access data, they immediately have to change their passwords and notify TU Dresden of the misuse of their access data.
(3) The users are obligated to not violate contractual or legal duties when using SecureMail and, in particular, not to send messages with illegal content, viruses or spam. In particular, the chosen username may not violate applicable German law, third-party rights, and these terms of use or good morals.
(4) The users are liable for damages to TU Dresden or third parties caused by the content of the electronic messages transmitted by the users using SecureMail or the abusive, contractual or illegal use of SecureMail. If third parties claim directly against TU Dresden due to culpable infractions of the above-mentioned obligations by the users, the users agree to completely reimburse TU Dresden, especially for legal costs at the level of the legally accruing fees. TU Dresden is to inform the user immediately if such claims are asserted.
(5) TU Dresden is liable for possible damages, which may be caused to the users due to gross negligence or intentional conduct when using the SecureMail service. TU Dresden is only liable to the extent of the typically foreseeable damages in case of gross negligence of its vicarious agents, who are not executive employees.
(6) The limitations of liability defined in § 6 para. 5 shall not apply to injury to life, body or health, to the violation of cardinal duties or liability is mandatory due to the liability of the Product Liability Act.
(7) The user is responsible for the proper data backup. In case of data loss, TU Dresden is only liable for the expenses that would have been necessary for data recovery if the customer had stored the data properly.
Data protection
(1) All information provided by the user at registration is collected, processed and used solely for providing the SecureMail service of TU Dresden. As far as data is stored, this is done on servers of TU Dresden or other German servers. Such data shall not be transmitted to third parties, unless law otherwise stipulates this or if this is necessary to accomplish the contractual duties. In this respect, TU Dresden is entitled to pass on the personal data to the third parties commissioned to perform the contractual services. In particular, the data required for sending the access code by SMS will be transmitted to the DFN-Verein eV, Alexanderplatz 1, 10178 Berlin, as far as the SMS gateway of the DFN Association (Association for the Promotion of the German Research Network) is used. TU Dresden obligates the DFN-Association and other third-party agents to accomplish the obligations to use the user's data only in accordance with the guidelines of these Terms of Use.
(2) If users transmit data from third parties via SecureMail, they are responsible for obtaining the corresponding consent from these third parties.
(3) The parties are obliged to treat all confidential information, business and company secrets obtained within the framework of the contractual relationship confidentially, and not to disclose them to third parties or to use them for purposes other than for contractual purposes.
(4) Users' data is only stored for as long as it is required to provide the service and to meet the legal requirements.
(5) It is generally known that the users can request information at any time about the data processed regarding their person, as well as the possible recipients to whom this data was transmitted, and that the users are entitled to a response within one month after submitting a request for this information.
(6) It is generally known that the users can contact TU Dresden′s Data Protection Officer and the responsible supervisory authority for data protection https://www.saechsdsb.de/ at any time.
Copyright law
The obtained services and contents are protected by copyright in favour of TU Dresden or third parties, unless otherwise stated.
The users are granted a simple right of use, which is limited to the use for their own purposes. There are no further rights to the services and contents. In particular, the users are not allowed to duplicate or redistribute, edit, make it accessible to the public or the like.
Right of cancellation
You are entitled to a right of cancellation for contracts, which you concluded using means of telecommunication, i.e. online, by e-mail, telephone, and fax or mail, if you are a natural person and the legal act cannot be attributed to either your commercial or independent professional activity. The cancellation period is 14 days and commences at the earliest with the receipt of this cancellation policy. The cancellation can be submitted without justification and must be stated in writing. Punctual sending of the cancellation to TU Dresden shall be sufficient for observance of the deadline. If you exercise your right of cancellation on time, you are no longer bound by your declaration of intention, which you have made with us when signing the contract with us. We would like to point out that in case of cancellation; you have to return the services received up to the time of your cancellation. If this is not possible, you will have to pay compensation, typically for the amount charged in normal cases. Your right of cancellation ceases prematurely where TU Dresden commences execution of the service prior to expiry of the cancellation period with the express approval (e.g. by activation of SecureMail) or you have arranged for the services to be commenced (e.g. using SecureMail).
Final provisions
(1) These Terms and Conditions shall take precedence over all other conditions regarding the use of the SecureMail service, unless otherwise agreed.
(2) Modifications have to be made in writing. This shall also apply to modifications in the clause on the text form.
(3) Should individual provisions of this contract become invalid or need to be complemented in some respect, the effectiveness of the remaining provisions shall remain unaffected. The parties undertake to replace the ineffective provisions or the provisions requiring supplementation by a new arrangement, which is closest to the intended economic purpose.
(4) Place of jurisdiction is Dresden, to the extent permitted by law. The contractual relationship is subject to the law of the Federal republic of Germany.