The Board of the University is responsible for processing the personal data of students, employees and external students, for example for purposes of teaching, tutoring and collection of tuition fees. The General Data Processing Regulation (GDPR) applies to the processing of personal data.

The Board of the University has established policy regarding the protection of personal data and included this in a privacy statement and in privacy policy:

• General Privacy Statement of the University of Groningen

• General policy on protection of personal data University of Groningen

At the Central office for privacy you can ask questions and submit complaints about the processing of your personal data.

Central office for privacy

privacy@rug.nl

P.O. 72

9700 AB Groningen

University of Groningen General Purchasing Terms and Conditions (for works and related supplies and services)

University of Groningen General Purchasing Terms and Conditions (supplies and services)

Dutch universities consider it extremely important that governance be transparent and accountable. To this end they have composed and signed their own ‘Code of good governance for universities’. This code was first compiled in 2006 and modified on 10 May 2017.

• More information: Code of good governance for universities

Main features of the administrative organization

The University of Groningen consists of ten Faculties, the University Library, the Center for Information Technology, the University Centre for Learning & Teaching, the Kernfysisch Versneller Instituut, the Museum and a support service: University Services.

• More information: Administrative organization

Membership of the Board of the University

The Board of the University is the University’s central governing body. Its members are appointed by the Supervisory Board and are supported by the Office of the University.

• Professor J. de Vries, President
• Drs. J.A.W.M. Biemans, member of the Board

• Prof. dr. ir. J.M.A. Scherpen, Rector

• More information: Board of the University

Supervisory Board

The University Supervisory Board is responsible for the supervision of the Board of the University and the management of the entire University. The Supervisory Board’s responsibilities include: approval of the institutional plan, budget and administrative regulations, and the annual report.

• More information: Supervisory Board

Annual reports

• More information: Annual Reports

Integrity

• More information: Integrity

• More information: Regulations for Reporting Malpractices and Irregulations

DISCLAIMER: The current document is a translation of the corresponding and official Dutch version (called ''Gebruiksregels Universitaire Computersystemen''), which was endorsed by the board of the University of
Groningen. The current document is provided solely as a service to non-Dutch speaking members of the University. In all situations where the meaning of the current document is unclear or ambiguous, the Dutch document should be used for purposes of disambiguation.

Author: University of Groningen
Established: by the Board Sep. 29, 2009
Version: 1.2

This document contains the general rules for using the computer systems of the University of Groningen, the ``Acceptable Use Policy'' (AUP) of the University of Groningen.

The current document was derived from existing AUPs as used by various other universities. For the construction of the current document the following AUPs were consulted:

• Boston University Information Technology: Conditions of Use and Policy on Computing Ethics,  September 1, 1988;
• University of California at Los Angeles (UCLA): SEASnet General Information (23 oktober 1990);
• Oregon State University: Policy on Acceptable use of University Computing Facilities, January 25, 1991;
• Princeton University: 1992-1993 Guidelines for use of Campus and Network Computing Resources.

The above mentioned documents can be requested from the Security Manager of the Center for Information Technology. In particular UCLA's Acceptable Use Policy was used as a basis for the current document.

This document contains the generic usage policy; both for internal and external users (students, personnel, guests) as well as systems managers. For these target groups more specific acceptable use policies, derived from the current policy, are available as well.

This document uses the following terminology:

• Computer systems: ICT (information and communication technology) systems in general. Not only computers, but also peripherals such as printers or specialized systems such as routers.
• Terminal: a generic term for any `ICT apparatus'.
  

Responsibilities of the User and of Systems Security Personnel

User Responsibilities

Users of the university computer systems should realize they are not the only users of these computers. Many computers are multi-user systems, and the users of these computers belong to a community. Therefore, the ground-rule on which this AUP is based is similar to the ground-rule on which traffic is based: the users of the university computer systems may not endanger these systems, nor may they hinder other users.

Some implications of this ground-rule are that users are not allowed to send unsolicited email or try to obtain or use other users' passwords; neither occasionally, nor `for fun'.

Privacy of accounts:

Access to university computer systems is only granted to individuals. Using other people's accounts or access-rights will result in  the discontinuation of one's account.

Any unauthorized use of an account should be reported immediately to the security manager of the Center of Information Technology.

Copying  software:

Software made available on the university computer systems may be used subject to applicable licenses and copyrights. Any software stored on the university computer systems may not be copied for use elsewhere, unless explicit and written permission was granted by proper authorities. Conversely, using illegally obtained software is not allowed on university computer systems.

Using the  university computer systems:

Using the university computer systems, including hardware, software and
computer network facilities is only allowed in accordance with the nature of the provided account. Any use of the university computer systems is always restricted to research or education. Any commercial use of the university computer systems is not allowed, unless  explicit and written permission was granted by proper authorities.

Access information security:

By obtaining access information (e.g., usernames, passwords) third parties may gain access to the university computer systems. Even in this case the registered user of an account is liable for any access or abuse of the university computer systems. In order to minimize the probability that unauthorized parties obtain
your password, adhere to the following rules of thumb:
     

• Keep your access information secret: don't hand this information over to friends or acquaintances.
• Don't type your  password when somebody watches you type.
• Change your password every now and then. Opinions differ about the optimal interval for password changes, but everyone working in the field of security advocates to change passwords every once in a while. Changing ones
  password very often isn't necessary, but a password should be changed at least once a year.
• Do not use personal data about yourself, your friends or relatives when constructing your password.
• Do not use existing words or abbreviations (like rcrug of ppsw).
• Use lower- as well as uppercase letters, use digits and punctuation characters when constructing your password.
• Some examples of hard to guess, but easy to remember passwords (well, up to now, as they are now listed in this document):
             o  1irC&D `it is raining cats and dogs'.
             o  6^twT.  `barking up the wrong tree'.                    

Report holes in security:

All multi-user systems are vulnerable to security breaches. If you find a flaw in a system's security setup you should report this to the security manager. It is not allowed to exploit the discovered weakness in the security setup of university computer systems. By informing the security manager of any weakness you have found, you effectively help to optimize the reliability of the university computer systems, while preventing misunderstandings at the same time (do you exhibit intellectual curiosity or are you purposely exploiting a security hole?)

Using games:

On various university computer systems games were made available. Enjoy them in a responsible way. If you notice that somebody is waiting for your terminal it is very impolite to keep using your terminal for playing games. Terminate your session without being asked, and let others use your terminal. Prevent the situation that the other person has to ask you to leave your terminal.

The abuse of facilities and privileges

Abuse of facilities and privileges is illustrated by, but not restricted to, the following examples. Users of the university computer systems are expected to prevent and fight any abuse of the university computer systems in the spirit of this AUP. The examples provided below should be interpreted as illustrations, not as an exhaustive list.

It is not allowed:

• To modify or to remove hard- or software without having obtained prior permission from proper authorities;
• To use university computer systems, or to use any software or stored data without having obtained prior permission from proper authorities;
• To send any email using other people's names and/or addresses, or to read or distribute other people's mail without having obtained their consent in advance;
• To alter IP-addresses or other identifying data of university computer systems (e.g., by using spoofing);
• To violate software and/or copyright licenses that are applicable to the software and/or data that are stored on the university computer systems;
• To harass or hinder other users of the university computer systems;
• To gain access to, or to distribute any information stored in the university computer systems without having obtained prior permission of the owner of such software or data;
• To hamper or to deny access to the university computer systems by sending extremely large bodies of email, either to local destinations or to destinations outside of the university. Analogously, it is not allowed to abuse university computer systems by, e.g., submitting extremely large print-jobs, storing extremely large amounts of data, or executing programs using grossly inefficient algorithms or requiring excessively large resources;
• To distribute or to make available any information, irrespective of its form, owned by the university, without having obtained written permission by the owner in advance;
• To distribute or to make available obscene, aggressive, discriminating or threatening information.

When there are clear indications that an account is being abused, systems managers may be ordered to inspect the contents of information stored in, going to or leaving that account (cf. section `Responsibilities of systems managers', below).

Responsibilities of systems managers

Systems managers have the same rights and duties as other users of the university computer systems. However, the sensitive nature of their positions naturally leads to additional security related requirements.

• Systems managers should ensure that the users of their systems have access to the software and hardware they require for their normal work at the university. Requests for the installation of software should always be considered conditional to the assigned nature of the particular university computer systems. E.g., a systems manager of a computer not intended to serve up webpages cannot rightfully be asked to install a webserver on that particular computer.
• The systems manager is responsible for the security of the system itself, and will take care of, in cooperation with the security manager, the installation and maintenance of the required and available software.
• In order to uphold and maintain the integrity of `RUGnet' in- and outbound traffic is constantly monitored. All information about this traffic is  using automatic means.
• All information collected to analyze in- and outbound traffic is destroyed after at most six months except in cases where a legal obligation exists to retain the information for a longer period. In those cases the University of Groningen applies the legally acceptable minimum storage period.
• All information obtained about in- and outboud traffic is also analyzed using automated means and is aimed at the analysis of malware like viruses, trojan horses and worms.
• Except for the exceptional situation described below (abuse of an account) systems managers will not perform any content-analysis of the information within RUGnet.
• The systems manager will consider any information about the system, as well as any information stored in the system as confidential.
• In special situations the systems manager can be required to submit specific information (data, software) for further investigation, in order to solve any problems that were encountered while using the data or software. These requirements may involve security scans. Such scans are only performed subsequent to an authenticated request made by the relevant department or user of the system(s) involved.

When there are clear indications that an account is being abused, systems managers may be ordered to inspect the contents of information stored in, going to or leaving that account. Content-inspection is only allowed when the
following conditions hold true:

• There must be a clear and verifiable indication that the account is abused. For example, a complaint was received from a trusted CSIRT-team, or a complaint has reached the university through normal legal procedures.
• The responsible systems manager must have received an authenticated order to start a content inspection from both the Head of the Juridical Department (ABJZ) and the director of the Center of Information Technology. An
  authenticated order is either a written and signed letter or an electronic message bearing a verifiable signature (e.g., a GPG signed electronic mail).  

Consequences of abusing the University computer systems

Abusing university computer systems may result in disciplinary action.

If there are strong indications that university computer systems are or have been abused, and if the abuse can be traced down to a person who is associated with the university (the suspect), then at least one of the following steps should be taken to ensure the safety and integrity if the university computer systems:

• The board of the faculty or department responsible for the suspect is informed of the situation;
• The access rights of the suspect may be restricted or suspended, awaiting the results of the investigation. The suspect may file an objection to this restriction or suspension with the chair of his/her department;
    o  Data files and media of the suspect are investigated;
    o  The board of the University and the board of the applicable faculty or the director of the department responsible for the suspect is informed about the (suspected) abuse.

Legal articles to this AUP (in Dutch)

• Artikel 7.57 h WHW (artikel 7.57a (oud) WHW)
• Huisregels en Ordermaatregelen Rijksuniversiteit Groningen.

The code of conduct of personal data in scientific research is based on the general standards of the General Data Protection Regulation (GDPR).

More information:

• For the use of personal data in scientific research (Universiteiten van Nederland)

General policy on protection of personal data at the University of Groningen (2021)

Sectoral Scheme covering ancillary activities

Board of the University expense reimbursements rules is only available in Dutch

• Uniform Dutch reimbursements rules for members of boards of universities (in Dutch)
• Reimbursements Board of the University 2017
• Reimbursements Board of the University 2018
• Reimbursements Board of the University 2019

• Reimbursements Board of the University 2020

Higher education and Research Act (WHW) is only available in Dutch.

Wet op het hoger onderwijs en wetenschappelijk onderzoek (WHW)

Within the university, many different powers are exercised, decisions are made in the fields of education, research and operations, and many other legal acts are performed by or on behalf of the Executive Board. Examples include entering into a contract and buying, renting or tendering a building. Enrolling students and issuing a diploma are also acts exercised on behalf of the Executive Board.

In the new Mandate and Authorization Regulations, powers to perform legal acts on behalf of the Board are laid down in unambiguous rules. As an employee, you can now easily see who is authorised to decide and sign something. The regulation also provides a high degree of (legal) certainty for third parties.

The open access Act (Woo) regulates the right of access to public information. The Woo ensures openness and transparency of the government, including universities. When the Board of the University make information publicly available under the Woo, the information concerned is available for anyone to view.

Starting in 2022, the UG will publish all Woo-decisions and the information made public pursuant to the requests made under the open access Act.

General: buildings and the surrounding area

1.   Only eat and drink in the designated areas – never in lecture halls, computer rooms, libraries or laboratories. Resealable bottles of water are permitted.

2.   Only make phone calls where this is permitted, and not in or near lecture halls, study areas or libraries.

3.   Throw litter in the litter bins.

4.   Do not bring animals with you – only guide dogs and sniffer dogs are permitted.

5.   Smoking is not permitted on UG grounds.

6.   Put bicycles in the sheds or bicycle racks.

7.   Keep emergency exits accessible; call 050 363 8050 in an emergency.

Specific: for students

8.   Telephones, laptops and tablets may only be used during lectures for matters related to that lecture.

9.   Be on time – there is no ‘academic quarter hour’.

10. Keep quiet – talking disturbs the lecturer and fellow students.

House Rules and General Code of Conduct (2023)

The 'University of Groningen Regulations for Registration and Tuition Fees' set out the (legal) conditions for registration and tuition fees at the University of Groningen. The regulations are based on the Higher Eduction and Research Act ('Wet op het hoger onderwijs en wetenschappelijk onderzoek; WHW).

Regulations for registration and tuition fees for different periods

• 2024-2025
• 2023-2024
• 2022-2023
• 2021-2022
• 2020-2021

Archive

• 2019-2020
• 2018-2019
• 2017-2018
• 2016-2017
• 2015-2016
• 2014-2015
• 2013-2014
• 2011-2012

Confidential Advisor Regulations

Attendance regulations for different periods

• 2019-2021
• 2017-2019 (in Dutch)
• 2015-2017 (in Dutch)
• 2014-2015 (in Dutch)
• 2013-2014 (in Dutch)
• 2012-2013 (in Dutch)

Per the commencement date these Regulations apply to all intellectual property and the associated rights arising from the activities of an Employee or Semi-Employee of the University of Groningen/UMCG.

Regulations concerning camera surveillance at the University of Groningen

These regulations are in Dutch.

Regeling archiefbeheer (2008)

Regulations for the Protection of Personal Data Health, Safety and Environment of the University of Groningen (2020)