• Terms and conditions of the service

Terms and conditions of the service

1 Definitions

1.1 The GARRbox services

GARRbox is the cloud storage service to synchronize and share data with users. Access to the data contained in GARRbox is possible both from a web browser and from applications for different platforms and devices.

The service is accessible at https://gbox.garr.it

Users can use GARRbox only if the Bodies they belong to have subscribed to the service. At the time of subscription, the Entity will be assigned the resources of the service, the aggregate storage space available and the number of users allowed. The Entity will be able to independently manage the access authorizations and the allocation of storage space quotas to its users.

GARRbox is built and managed by Consortium GARR.

1.2 Data

The service acquires and manages two types of data: digital content and the user’s personal information.

Content is defined as data uploaded by users, i.e. text documents, presentations, images and videos, etc. These are organized, as usual, in files and directories. Shares and links that users create on their own data and on those shared to them are also considered content.

By personal information we mean the data that characterize the user’s identity, such as name and surname, the username and any passwords for encrypting the contents, the relevant body and the IP addresses with which the user accesses the service. Personal data are mainly extracted from the information provided by the Identity Providers of the IDEM Federation and are used for authentication, authorization and monitoring purposes.

1.3 Actors

The main roles that people can cover by interacting with GARRbox are shown in the following table. Some service procedures and related technical documents can introduce and define in more detail some sub-roles involved in the specific activities of the process.

Key
Administrative roles
AG	GARR Administration	He deals with the contractual and administrative part between the subscribers of GARRbox, in the person of the Administrative Contact, and the GARR Consortium.
RA	Administrative contact of the Authority for the GARRbox service	It is the person who signs GARRbox for his own organization and who interacts with the AG for the necessary bureaucratic procedures.
SO	Subscribing organization	Institutions (Legal Persons) that access the GARR network and sign the access agreement to the GARRbox service.
Technical roles
UT	GARRbox User	This is the person who accesses GARRbox, uploads their data to the service, synchronizes them between their devices and shares them with other users of their organization or with public links.
RT	Technical contact for the institution	He is a GARRbox user who has been granted special permissions to manage the quotas of virtual resources assigned to other GARRbox Users of the entity or project to which he belongs. It carries out first level support activities for GARRbox Users whose resources it manages.
SG	GARRbox service support	It is the group of experts that manages GARRbox. It carries out second level support activities by supporting the requests made by the local Technical Referents. It also deals with the assignment of the aggregate storage resources to the Bodies that subscribe to the service.

2 Service characteristics

GARRbox is accessible via the Internet, both from a web interface (https://gbox.garr.it) and through applications (clients) for different platforms. The service allows users to synchronize content between different devices and share them with other users. The service is characterized by maintaining its own servers, the operation of which is managed by GARR, within the Italian territory. GARRbox is designed as an alternative to file-sharing cloud services, which keep user data in countries where the application of Italian laws on privacy and confidentiality of online content is not guaranteed.

3 Operation

3.1 Subscription and access

GARRbox can only be used by users who have been authorized by an Entity that has subscribed to the service. Only organizations that have a digital identity management system belonging to the IDEM Federation are authorized to request subscription to the service. The registration to GARRbox takes place through a specific account for each user created, at the first access, using the IDEM federated credentials. The Technical Representatives of the Entity enable the new account and assign a personal storage quota. From that moment the registered user can access the service using the specific account credentials for the service. Registered users have full access to the features offered by the service. They can upload files and folders to GARRbox and, by sending links, they can invite third parties, both registered users and external to the system, to download the shared contents or to change the content itself, if authorized.

Third-party users who access user data shared through links may also not belong to the body of the user who originally owned the content, or to the GARR Community. The features of the service to which registered users have access are limited to the context of the sharing link received and by the authorization settings that the registered user has activated in GARRbox before forwarding the invitation to third parties. Before sharing with third parties, users should consider that authorized unauthorized users may pass the invitation link to other recipients not originally intended or desired, and these in turn to other third parties.

3.2 User management and accounting

Given the subscription of an institution to the GARRbox service, users register autonomously. When a user leaves his / her own institution, the institution will remove the credentials of its systems. The Technical Representatives of the Body, as delegated to the local authorization to the service, must block access to the outgoing user via the PrimoLogin administrative interface accessible from GARRbox.

The revocation of the Entity’s membership of the IDEM Federation formally implies the revocation of access to the service.

GARR reports the use of resources made by a subscriber Entity and reports to the Entity the costs for the use of these resources.

3.3 Data location

The servers that host the data that users upload through the service are located in Italy and are within the GARR infrastructure, which also manages its maintenance and operations. Users who access the service through the local networks of the Bodies reach the data through the GARR network, in all other cases access to the servers takes place via the Internet.

3.4 Storace capacity, replicas and backup

The maximum storage capacity offered to each user and the residual amount compared to use can be consulted through the service interfaces.

GARR does not perform regular backups of user content. GARR may decide to perform ad hoc backups of the contents for the sole purpose of greater protection during the maintenance of the service. Users are responsible for creating backups for their own content uploaded to the service, preserving them in an appropriate place and form (see Section 4.6).

GARR performs daily backups of the databases containing the information necessary for the regular functioning of the service.

3.5 User support

The first level of user support is made up of the Technical Referents of the Entities: the referents manage the ordinary administration activities of the user quotas and support the users belonging to their Entity in the first contact with the service. Users can identify and contact their Technical Referrals from the GARRbox administrative interface.

Users have also access to FAQ and online documentation.

For any problem, need for clarification or suggestion, users can contact the GARRbox Service Support, who will be responsible for analyzing the incident encountered or evaluating the request made. The contact channels with GARRbox Service Support are described on the service website.

4 Terms of use

4.1 Terms of service

The provisions of the following documents in their most recent version are applicable to the use of GARRbox:

• For users belonging to a member of the GARR Consortium: Statuto del Consortium GARR and Acceptable use policy ;

• For users belonging to an Affiliated Institution of the GARR Consortium: Agreement and related annexes and among these in particular the AUP;

• For entities that have signed a framework agreement with the GARR Consortium: terms of the agreement, implementation agreements and AUP;

• For all users: the “Terms and conditions of use” described in this document.

In the event of conflicting statements, this document takes precedence over the provisions of the other documents mentioned above. GARR reserves the right to modify the terms and conditions of use at any time. Organizations and users will be notified of any changes in an appropriate manner.

4.2 Acceptable use policy

GARRbox can be used to upload, synchronize, edit, download and share digital content. It can be used by members of an Entity subscribing to the service and also by unregistered users who receive a sharing link as described in Section 3.1.

Any use of the service is admissible only to the extent that such use does not conflict with this service description, the AUP of the GARR, the law or the rights of third parties. It is the user’s responsibility to decide which files and directories to upload, synchronize, modify, download or share via the service.

4.3 Users responsibility for the contents

Users and Entities have sole responsibility for their conduct, use, and content they upload to the service. It is not permissible to use the GARRbox service in any way that may conflict with this service description or with the rules indicated in the AUP.

The activities that third-party users can do on the shared data are manifold (for example, copying the file, modifying it, sharing it with third parties, publishing it, etc.).

It is not permissible to use the GARRbox service in any way that may cause offense or defamation or damage to third parties, for example by using the service to disseminate obscene or indecent material or which procures any form of anxiety and defamation, or in order to violate laws or regulations.

It is not permissible to use the GARRbox service to disseminate advertising material.

Moreover, sharing your credentials with 3rd parties is forbidden.

GARR declines all responsibility for actions carried out voluntarily or involuntarily by users on the contents.

4.4 Improper use of the service

Illegitimate use of the service is governed by what is reported in sections 4.2, 4.3, 4.4, 4.5 and 4.10 of this document.

In case of reasonable suspicion that the service is used in violation of laws or regulations or in violation of the rules contained in this paragraph 4. GARR reserves the right to block access to the content in question immediately (for example, copies pirated or illegal contents), deactivating the users holding the contents, eliminating any shares and moving the contents to quarantine. The users and related bodies concerned will not have the right to assert any claims for compensation following the measures taken by the GARRbox Support Service in the face of improper use of the service.

Furthermore, in all cases of improper use of the service, GARR reserves the right to collaborate with the competent authorities where this is required by law or if it is deemed necessary. In this context GARR will offer all the cooperation required by the competent authority, offering all the information necessary to prosecute illegal actions. Users and their organizations undertake to collaborate with GARR in order to promptly stop improper use and ascertain the causes. Responsibilities of users and organizations are discussed in section 4.10.

4.5 Misuse notification

If a user identifies illegal content or that constitutes an improper use of the service, the user is required to inform GARR by sending a report to the GARRbox Support Service in the manner indicated on the service site. The report must contain the following information: a) name and address of the user, b) description of the improper contents identified, c) explanation of the way in which the contents harm the user or the service or third parties according to the criteria established in section 4.4, d) URLs or links to which the contents can be reached, e) date and time at which the content or misuse was identified, f) screenshots that help to better understand the location and conditions of access to the contents .

GARR will evaluate from time to time the actions to be taken in response to a report from users.

4.6 Password and data backup

The user is responsible for protecting the passwords used to access the service. The user undertakes not to disclose them to third parties. The user is responsible for any activity carried out through their account or through the use of their passwords.

Except for the service backups described in paragraph 3.4, GARR will not create any backups of user content for long-term storage purposes. GARRbox is designed for the management of active data and therefore is not suitable for massive backup purposes, for example of user workstations.

4.7 Personal data protection

The user determines the scope in which the contents of their data are made accessible to third parties when they are shared. The Bodies, through their Technical Referents, are responsible for asking their users to comply with the terms and conditions applicable to the processing of personal data in the contents.

During registration, the service uses the user information provided in the manner and constraints imposed by the IDEM Federation of Identity. When accessing the GARR service, it tracks some information (IP address, date and time, username) for the purpose of maintaining and improving the service. GARR tracks the number of user accounts and the storage assigned in aggregate form to the subscribers.

4.8 Guarantees and safety

GARR guarantees that the data are stored on its infrastructure in Italy. GARR applies the best practices in the field of network and service protection but does not guarantee a specific level of security (QoS) or a certain level of availability (SLA).

4.9 Liability of GARR

The responsibilities and related limitations of GARR in the management of the GARRbox service are added to any constraints governed by agreements and conventions stipulated individually or collectively between the Bodies and GARR. The aforementioned agreements must be considered prevailing if in contrast with the rules of this document.

4.10 Subscribers and Users responsibility in case of misuse

The subscribers and users are entirely responsible, to the extent required by law, for the damages suffered by GARR due to improper use of the service and for other indirect damages. Each user and his / her body of affiliation are liable in first person and at their own expense for violations of copyright or intellectual property and / or violations of the provisions of the law in force regarding the protection of personal data caused by the contents uploaded to the service.

The User and the subscriber Institution respectively undertake to indemnify and hold harmless the GARR from any and all claims, damages, prejudices, costs or expenses (including also the costs for legal assistance as well as those consequent to any judicial measures issued against the GARR), which the GARR should incur as a result of the violation by the User or the Entity of any of the rules contained or referred to in this document.

FAQ

Privacy policy