en:provozni_pravidla:start

Terms and Conditions of CESNET Data Storage Services

(hereinafter referred to as “Conditions”)

Data Storage Services
1. These operational conditions apply to data storage services (hereinafter referred to as DS) operated by CESNET association (DS administrator).
2. CESNET association's DS services are provided to physical and legal persons who meet the conditions specified on the relevant service website, where:
  1. services for physical persons are intended for individuals from the scientific-research community,
  2. services for legal persons are intended for organizations that have access to CESNET's e-infrastructure, and these services can be used by physical persons authorised by them (such as employees, students, etc.).
3. Term user in these Conditions refers to physical persons who access DS services in accordance with this article.
4. Persons to whom DS services are provided in accordance with Article 1, paragraph b of these Conditions, are responsible for ensuring that allocated DS service resources are used exclusively for activities in the field of science, research, development, and dissemination of results of these activities, and also in accordance with the Conditions of Access to CESNET's e-infrastructure.
Access to Data Storage Services and their Configuration
1. The procedure for obtaining individual DS services is specified on the relevant service websites. Methods of user access to DS are described in the technical documentation for DS services.
2. Access to DS services is typically controlled through Virtual Organizations (VO). Each VO has its administrators and members. Unless otherwise specified, the DS administrator acts as the VO administrator. For selected services, the VO administrator may be a representative of a specific user group. In such cases:
  1. persons to whom DS services are provided in accordance with Article 1, paragraph b of these Conditions, appoint VO administrators; number of those VO administrators must reflect the needs of the VO and recommendations of the DS administrator,
  2. VO administrators act and respond jointly and severally and are obliged to follow rules and instructions established for VO administrators,
  3. VO administrators are obliged to maintain up-to-date contact information and provide CESNET association with required cooperation without undue delay,
  4. VO administrators are responsible for deciding which users become members of the VO and gain access to DS service resources,
  5. VO administrators are responsible for ensuring that members of the relevant VO use provided DS services in accordance with these Conditions.
3. Membership in the VO is valid for a limited period and must reflect the type and configuration of the specific DS service. The purpose of this measure is to regularly verify the user's eligibility to access the DS service. Before the end of the membership period, the user will be prompted to extend it via the email address associated with their account. The invitation will typically include:
  1. instructions for extending VO membership (i.e. preserving access to DS service resources and stored data),
  2. a request for a brief report on the use of the DS service, including for the purpose of demonstrating proper use of DS services,
  3. a request for feedback, including for the purpose of evaluating and further developing DS services.
4. Access to DS services may also be controlled through specific groups within a VO. In such cases, the rules for VO established in these Conditions apply accordingly (mutatis mutandis) to these groups and their administrators.
5. Requests for special configuration of DS services for the needs of a specific VO are resolved by the DS administrator with the VO administrator. Such requests may include providing specific access protocols, special handling of stored data (e.g. determining the level of data protection by the number of copies in one or more geographic locations), and others. The DS administrator may require justification of the necessity and purpose of such requests from the VO administrator. The DS administrator decides on requests for special configuration at their discretion, taking into account the purpose of using DS resources, required and available resource capacities, data access type, and expected data protection quality.
Data Storage Period
1. DS resources are intended for different lengths of data storage periods. The data storage period depends on the type of DS service and is agreed upon between the DS administrator and the VO administrator. If a VO is to have resources for data storage with different storage periods, these data must be clearly distinguished by technical means of storage (e.g., located in different folders in the file system, in different buckets etc.).
2. The following applies to individual data storage periods:
  1. Temporarily stored data is stored for a maximum of 365 calendar days. The storage period is calculated for each individual file in the file system or object in the object storage. Files/objects whose accepted storage period has been exceeded may be deleted by the DS administrator. Upon request by the DS administrator, the user is obliged to inform the DS administrator about the expected volume of such stored data.
  2. Medium-term data storage is subject to quotas established by the DS administrator, namely quotas on data volume and number of files/objects.
  3. Long-term data storage is primarily served by repositories built within the National Repository Platform.
3. Users and VO administrators can monitor the setting of volume and time quotas and their utilization in the accounting system (https://accounting.du.cesnet.cz/), whose data is an authoritative source of information on the use of DS services. The set quotas do not represent a guarantee of available capacity of DS service resources; DS service resources cannot be reserved.
4. The accounting system informs users about exceeding quotas and approaching the end of the data storage period.
5. The DS administrator reserves the right to set additional limits for data storage beyond these Conditions.
User Obligations
1. The user is obliged to use DS services with consideration for other users. The user is advised to consult with the DS administrator in advance about transferring unusually large amounts of data or other operations that significantly load DS systems.
2. The user is obliged to use DS service resources in accordance with the Czech legal order (including rules for the protection of intellectual property, privacy, and personal data) and in accordance with good morals. The user must not circumvent administrative and security measures for access to DS.
3. The user is obliged to protect their access credentials to the account through which they access DS service resources. The user must not share these credentials with other persons and must not enable other persons to access their account in any other way. For the purpose of accessing DS service resources from automated systems (e.g., backup robots) and for configuring shared data spaces, the user is obliged to follow procedures described in the user documentation for the relevant services.
4. The account through which the user accesses DS service resources must be protected by a non-trivial password, i.e. a password that cannot be deduced from known user data or their simple modification.
5. The user is obliged to maintain up-to-date contact information and provide CESNET association with required cooperation without undue delay. The user is responsible, in particular, for the accuracy and functionality of their email address, to which the DS administrator sends necessary messages about DS operation and security, in addition to the invitation to extend VO membership. The user must consider that the email address will also be used to address very urgent situations, unless the user has also provided their phone number for these purposes.
6. The user is obliged to report to certs@cesnet.cz without undue delay if they learn or suspect that there has been an abuse of infrastructure, disclosure of access credentials, breach of security measures for accessing the services, or any other phenomenon that may indicate a security incident.
Handling of Data and its Deletion
1. The following are entitled to handle data stored on DS service resources:
  1. VO members, within the scope of authorization provided by the relevant VO administrator,
  2. VO administrators, for purposes related to the administration of the given VO,
  3. DS administrators, within the scope specified below.
2. Data stored by members of the relevant VO on DS service resources is retained for the duration of the user's membership in the VO and subsequently for at least six months after the end of their membership. The VO administrator is entitled to decide within this period that the data will be transferred to another VO member, that it should be deleted earlier, or that it should be handled otherwise.
3. If, in the case of DS services provided to individuals from the scientific-research community or their informal groups, no VO administrator is reachable, the DS administrator will contact the members of the relevant VO with a request to establish new VO administrators; otherwise, the entire VO will be blocked, and data will be deleted within the above-mentioned period. In the case of DS services provided to legal persons, the DS administrator will contact the relevant organization with a request to establish new VO administrators; otherwise, the entire VO will also be blocked, and data will be deleted within the above-mentioned period.
4. The DS administrator reserves the right to choose a different procedure for handling data and its deletion in justified cases, taking into account the purpose and other aspects of the provided DS service.
5. If the DS administrator plans to permanently shut down some of the operated storage due to technological renewal or obsolescence of technology and/or equipment, they will notify users of the relevant storage with sufficient notice so that data can be transferred. The DS administrator usually prepares space on a newer systems for affected VO administrators to transfer their data.
Ensuring Data Security and Service Level Guarantees
1. In the event of a reasonable suspicion that a user's access credentials have been leaked or compromised, the DS administrator is entitled to deny the user access to DS service resources.
2. The DS administrator is entitled to regulate or block user access for other administrative, operational, or security reasons. In the case of particularly serious violations of these Conditions, the DS administrator is entitled to deny the user access to DS service resources permanently.
3. The DS administrator declares that devices used for operating DS services are located on the territory of the Czech Republic.
4. The user must consider that, unless explicitly stated otherwise, DS service resources are not intended for storing sensitive data and personal data. Such data can be stored on DS service resources upon agreement with the DS administrator and under conditions established by them, following the resolution of related legal aspects (conclusion of a contract on the processing of personal data, etc.).
5. The guaranteed level of DS services and measures to ensure their security are specified on the relevant service websites or in their technical documentation.
6. Unless specified or agreed otherwise, DS services are operated in “best effort” mode. The DS administrator makes every effort to ensure the availability and security of data services and the storage and security of data stored by users on data storage. The DS administrator ensures that the protection of stored data and access to them correspond to the standards of state-of-the-art technologies. The operator also declares a high professional and moral level of operational technical personnel. High availability and security of data services is ensured by the redundancy of hardware components, security policies of systems, backup of required data for individual users or VO, and also the parameters of technical and system support from the hardware supplier. Unless explicitly agreed otherwise, the DS administrator does not provide additional guarantees beyond those resulting from the “best effort” mode of operation described above.
Final Provisions
1. The DS administrator is entitled to change these Conditions. The new version of the rules is published at least one month before their validity on the CESNET association's website.
2. Those Terms and Conditions were published on 4th July 2025, and as of 1st September 2025, they replace the previous versions and come into effect.

Version 114