1. General declaration
   1. CESNET Data Storage (DS) is administered and operated by CESNET, association of legal entities, http://www.ces.net/.
   2. User (service consumer) of CESNET DS facilities may be a legal entity (organisation) having contract relationship with CESNET or person having valid working contract (employee) or having valid study relationship (student) with legal entity (organisation) that meets the “Terms and conditions for the access to the CESNET e-infrastructure”, see https://www.cesnet.cz/conditions/?lang=en.
   3. DS can only be used for transferring and storing data associated with activities in science, research, development, dissemination of education, culture and prosperity. For details, see “Acceptable Use Policy of the Infrastructure (Acceptable Use Policy, AUP)”, https://www.cesnet.cz/conditions/?lang=en.
      
      
2. Virtual organisation
   1. Users of DS services are organised in so-called Virtual Organisation (VO). VOs have managers and members. VO manager negotiates conditions of service usage and technical means for user access to DS with DS administrators. Portfolio and the level of services provided to a specific user depends on user's membership in VO. A user can be a member of multiple VOs. User's VO membership is decided and granted by the VO manager; the VO manager must follow these Terms of Service.
   2. For purposes of these Terms of Service, users of services that are accessible primarily with federated identities (i.e. particularly FileSender and ownCloud) are considered to be members of distinguished VOs administered by the DS administrator.
   3. Level and properties of provided DS services are described in the technical documentation on the website http://du.cesnet.cz. This site thus serves as a Service Level Declaration (SLD).
   4. The requirements of VO manager for VO services configuration are handled by DS administrator. Such requirements may include providing specific access protocols, special handling of stored data (e.g. increasing data security level by adding replicas in one or more geographical locations) etc. The DS administrator expects the VO manager to explain why such configuration is necessary and useful. The DS administrator decides about providing such a service based on the purpose of requested storage space, required capacity, available capacity in the infrastructure, type of data access and required quality of data protection.
      
      
3. Data types, archives and backups
   1. VO manager negotiates with DS administrator whether stored data is of archival or backup type. Data of both types can be stored in a single VO. Nature of the data is recognised by technical means of DS (e.g. the data is located in different folders in the file system).
   2. Archival data has long-term character. The DS administrator will dedicate space limited by quotas for data capacity and file/object count.
   3. Backup data has short-term character. Its storing on DS is limited by a predetermined storing period of time. Storing period is computed for every single file on file system or object in case of object DS. Accepted storing period for file/object is 365 calendar days. The DS administrator is entitled to delete all files/objects of backup type which have exceeded the storing period. The VO manager will be asked by the DS administrator to provide estimates of expected amounts of data for planning purposes.
   4. For operational or technical reasons, the DS administrator reserves the right to declare additional limits for storing data based on other data properties in addition to capacity and time characteristics.
   5. Storing data from automated backups system into DS space dedicated for archival data is considered to be a severe violation of this Terms of Service.
   6. Configuration of capacity and time quotas and level of their usage is tracked by the system of accounting (https://accounting.du.cesnet.cz/). Accounting data is available to DS users, VO managers of the particular VO where the data is stored, and to the DS administrators.
   7. DS users and VO managers note that authoritative systems for quota settings are the user management system and the accounting system. (Due to properties of large DS systems and data access protocols can various tools interpret in quota or drive size some values set up purely from technical reasons, in some case totally incorrect values.)
   8. Should capacity quota or acceptable storage period of data of backup type be exceeded, users will be notified by the accounting system. The accounting system notifies users also at least two weeks before exceeding storing period for backup data.
   9. Assigning the capacity quota does not imply that the capacity is actually available on the storage equipment. Reservations and guarantees of available space are not provided.
      
      
4. End of life cycle
   1. DS administrator is entitled to require a proof that the user is entitled to access data storage facilities with respect to Section 1 of these Terms of Service. The proof is usually requested once a year by means of extending membership in the VO. A short report about the purpose of using the storage is requested during the process. Contents of such reports may be used in project reports and in advertising. The user is (repeatedly) asked to extend the VO membership by the user management system via email notification sent to user's administrative mail contact. The notification contains instructions how to extend the VO membership. Accessing with the eduID.cz federated account is a typical way. Alternative means are described in the documentation of the Hostel service.
   2. Should user's VO membership expire, the DS administrator usually makes user's data inaccessible by means of access permissions setting. Six months after membership expiration the DS administrator is entitled to delete all data of the DS user in the particular VO. The VO manager can establish other data handling procedures for data owned by an expired member. Such procedures must comply with the purpose of particular VO. The data is typically deleted after longer periods of time if feasible with respect to the operational status of the storage equipment.
   3. Should the VO have no active members nor active VO manager (active VO manager is a VO manager actively communicating with the DS administrator when contacted), the DS administrator is entitled to delete all the data of the VO, but not earlier than 6 months after the VO becomes inactive.
   4. When the DS administrator intends to decommission a service facility due to technology renewal, the DS administrator will notify the users in advance so that data could be moved into other facilities. The DS administrator usually prepares storage space for the affected VOs on other facilities during the process.
   5. If necessary and with respect to technical availability, the DS administrator will provide one-time access to data of a user whose membership has expired. The DS administrator will require sufficient documentation or proof that the person is the original creator of the data (e.g. by means of showing an ID and demonstrating the person used to be employed by the organisation listed in the user management system or similar).
      
      
5. Security
   1. User is obliged to use DS services with respect to other DS users. Transferring of non-trivial amounts of data or performing operations that cause excessive load to storage systems are advised to be first discussed with DS administrators.
   2. Access methods to the storage as well as authentication mechanisms are described in the manuals available on https://du.cesnet.cz/.
   3. DS user is obliged to protect user account access with a non-trivial password. Non-trivial password is such that it is impossible to derive from known information about the user, especially is not a person, animal or thing name or a simple combination of those.
   4. DS administrators are entitled to perform testing for trivial passwords. In case of a positive result, the user will be securely notified (user's access can be suspended until the password has been changed), and the user is asked to change the password.
   5. DS user may not provide access of other persons by means of sharing account credentials (password, private keys, etc.). DS user is obliged to keep his/her credentials secret. To access DS from automated systems (e.g. backup robots) it is strongly advised to use service user account, which can be created in user management system.
   6. DS user may not use DS in any unlawful way (in particular, copyright law and protection of personal data law). The user may not bypass and/or attempt to bypass any administrative and/or security measures for access to DS.
   7. DS user is obliged, without any overdue, to notify via email address support(at)cesnet.cz if the is aware or suspecting that the infrastructure has been compromised, misused, access passwords have been disclosed, or in any case of other events which can indicate a security incident, such as strange account behaviour, appearance or disappearance of files and so on.
   8. DS administrator is entitled to regulate or deny user access due to administrative, operational, and/or security reasons. In case of severe violations of these Terms of Service and/or security rules, the DS administrator entitled deny access of such user to the infrastructure permanently.
   9. Principles of handling and protecting personal data are described in the document about personal data protection.
      
      
6. Hierarchical DS and its properties
   1. DS users using hierarchical DS (Hierarchical Storage Management, HSM) take due note of its following properties. HSM comprise of a tier of fast disk array and a slower tape library or MAID (Massive Array of Idle Disks). Data is automatically transferred (migrated) between disks, MAID and tapes by using predefined rules. The transfers seem to be transparent, all data appears to be placed on the disks. When data which has been migrated onto a slower DS tier is accessed, it has to be recalled back onto disks. This operation may be slow. Reasons for this technical solution are economical as storing data on the tapes or MAID allows for cutting operational costs.
   2. Data migration policies between the tiers are configured based on DS administrator's and VO manager's agreement, taking user needs into account as well as technical and economical aspects of DS operation. DS users are advised to keep in mind that recall time of data which has not been used recently can be longer.
   3. DS user should not enforce migrating data from tape to disks if this data is not intended to be used immediately.
      
      
7. Assurance and responsibility
   1. DS is operated in “best effort” mode. DS administrators put the best effort to guarantee security and availability of data services and to safe data storing and keeping in the infrastructure. DS administrators for that purpose guarantee that the protection of stored data and access to it correspond to the state of the art of data technologies deployed in similar infrastructures. Provider of DS also guarantee high technological and moral standards of the technicians maintaining the DS systems. High availability and security of the data services is supported by hardware component redundancy, security policies of hierarchical systems, backups of required user data and also by means of technical and system support that is held by the technology supplier in 24×7 mode. The storage system architecture was designed for top level data retention (up to 99.99999999 %). The DS provider do not declare other formal guarantees except the “best effort” described above, unless stated otherwise.
      
      
8. Other declarations
   1. The DS administrator declares that the devices deployed/operated in the infrastructure are located in the Czech Republic.
   2. DS administrator is authorised to change these Terms of Service. A new version of the Terms is published on the web of CESNET association at least one month before the Terms of Service become valid.
   3. These Terms of Service are published in Czech and English versions. In case of different interpretations of language versions, the Czech version is binding and obligatory.
      
      
9. Temporary declaration: recognition of archive data and backup data is not applied on the data stored in hierarchical facilities du1.cesnet.cz (Pilsen), du2.cesnet.cz (Jihlava), and du3.cesnet.cz (Brno). DS administrators handle all data stored in those facilities to be of archival type.

The Terms of Service were published on 30th November 2017. They came into effect on 1st January 2018, replacing any previous versions.

1. A person may become a user (service consumer) of CESNET Data Storage (DS) facilities only if the person is an employee or a student of an organisation that meets the “Terms and conditions for the access to the CESNET e-infrastructure”, see https://www.cesnet.cz/conditions/?lang=en.
   
   
2. The user may only use data storage for data transfer and storage which are associated with activities in science, research, development, dissemination of education, culture and prosperity. For details, see “Acceptable Use Policy of the Infrastructure (Acceptable Use Policy, AUP)”, https://www.cesnet.cz/conditions/?lang=en.
   
   
3. CESNET Data Storage is administered and operated by CESNET, http://www.ces.net/.
   
   
4. Users of DS services are organized in so-called virtual organizations (VO). VOs have managers and members. The VO manager and the DS administrators negotiate conditions of service use and technical means of user access to DS. Portfolio and the level of services provided to a specific user depends on user's membership in VOs. A user can be a member of multiple VOs.
   
   
5. Users of services that are accessible primarily with federated identities (e.g., FileSender and ownCloud) are considered to be members of a special VO administered by the DS administrator for the purpose of these Terms.
   
   
6. The level and basic properties of provided data services are expressed in the technical documentation on the website http://du.cesnet.cz. This site thus serves as a Service Level Declaration (SLD).
   
   
7. The requirements for non-standard configurations DS solve DS administrator with VO manager. Such requirements may include providing specific access protocols, special handling of stored data (e.g., a single copy of the data on tapes considered sufficient, or on the contrary, data that require higher level of security, greater number of geographically separate tape replicas) or similar. The DS administrator may require the user to explain necessity and usefulness of such a configuration. The DS administrator decides the technical solution based on the purpose of required storage, required capacity, available capacity on the systems, type of data access and required quality of data protection.
   
   
8. DS is technically implemented as hierarchical. This means that it has a tier of fast disk arrays and a slower tape library and/or MAID (Massive Array of Idle Disks, i.e., disks that can be switched off). The data is automatically migrated among tiers based on migration policies. Data migration is transparent to the users, all the data appear to be on the disks. When migrated data is accessed, it has to be recalled by the system, i.e., migrated back to the disk arrays which takes some time. Reasons for this solution are economical; keeping the data on tapes or MAID is significantly less expensive in terms of operational costs.
   
   
9. Data migration policies are configured based on DS and VO managers agreement, taking user needs into account as well as technical and economical aspect of storage operations. The users are advised to keep in mind that recall time of data that has not been used recently may be longer.
   
   
10. User access methods to the DS as well as authentication mechanisms are described in manuals available on https://du.cesnet.cz/.
    
    
11. DS administrators are entitled to require the users to demonstrate that the user is allowed to use the infrastructure as described in paragraph 1 of these Terms. This is usually demonstrated once a year by means of extending membership in the VO. A short report on storage usage is usually requested. Contents of such reports may be used in project reports and in advertising. The user is (repeatedly) asked to extend the VO membership by the account management system with an email sent to user's administrative mail contact. The notification also contains instructions how to perform membership handling. Typically, accessing with the eduID.cz federated account is sufficient for the operation. Alternative means are described in the documentation of the Hostel service.
    
    
12. Has user's VO membership expired, the DS administrator usually makes user's data inaccessible by means of access permission setting. Six months after the user's VO membership expired, the DS administrator is entitled to delete data of the user in the particular VO. The VO manager can negotiate other means of handling of data of expired VO members. Such means must oblige the purpose of the VO. The data is usually deleted after much longer periods of time when technically possible on the storage facility.
    
    
13. The user with expired membership can ask the DS administrator to allow access to user's data via computer network for one-time download according to technical possibilities. The DS administrator will ask the user to give a proof that the user is a possessor of the data (e.g. by demonstrating a personal identification and demonstrating a previous membership to an organisation that is connected to the user in the user management system or other unambiguous proof).
    
    
14. The user is obliged to use the DS services taking other users into consideration.
    
    
15. The user is obliged to protect access with non-trivial passwords. Such passwords must not be a derivative (i.e., a simple mutation) of the data available about the user, and/or a derivative of a name of a person, animal or thing (even for simple mutations).
    
    
16. DS administrators are allowed to test passwords strength. In case of a positive result, the user will be notified through the secure channel and is required to change his password without delay (user's access can be suspended until the password is changed).
    
    
17. The user is obligated to notify via email addressed to support(at)cesnet.cz if he/she is aware or suspecting that the infrastructure was compromised, misused, access passwords disclosed, or in case of other events which may indicate a security incident, such as strange account behaviour, appearance or disappearance of files and so on.
    
    
18. The user agrees that information about users and their usage of the infrastructure are archived for the purpose of administration, operation, statistics, monitoring, and security. The user also agrees that aggregated form of such information can be used in project reports.
    
    
19. The DS administrator is authorized to regulate or deny access of a user for administrative, operation, and/or security reasons. Has the user violated the Terms of Service and security rules in a severe manner, the DS administrator may deny access of such user to the infrastructure permanently.
    
    
20. The user may not provide access to the infrastructure to another person disclosing user's credentials (passwords, private keys, and so on). The user is obligated to keep access credentials in secret.
    
    
21. The user may not use DS in way that violates any laws (in particular copyright law and the law on the protection of personal data). The user may not bypass and/or attempt to bypass any administrative and/or security measures for access to DS.
    
    
22. The user should not enforce migrating data from tape to disks if this data is not intended to be used immediately. The users are advised to consult transfers of unusually large amounts of data with the DS administrator in advance.
    
    
23. Mechanisms of quotas are deployed on the DS, limiting the amount of data that can be stored by the user. The main purpose of quotas is to increase protection against user errors that could interfere with infrastructure operation. Quotas do not guarantee that the space is actually available in the infrastructure. Guaranteed data space reservations are not provided. Space usage is monitored by the accounting system for technical reasons.
    
    
24. DS is operated in “best effort” mode. DS administrators put the best effort possible to guarantee security and availability of data services and to safely store and keep data in the infrastructure. DS administrators guarantee that the protection of the data and overall modes of operation are state of the art of data technologies deployed in similar infrastructures. The DS administrators also guarantee high technological and moral standards of the technical personnel. High availability and security of the data services is supported by hardware component redundancy, security policies of the hierarchical systems, backups of required user data and also by means of technical and system support that is held by the technology supplier in 24×7 mode. The storage system architecture was designed for top level data retention (up to 99.99999999 %). The DS administrators do not declare other formal guarantees except the “best effort” described above, unless negotiated otherwise.
    
    
25. The DS administrator declares that the devices deployed in the infrastructure are located in the Czech Republic.
    
    
26. DS administrator is authorized to change these Terms. A new version of the Terms is published on the web of CESNET association at least one month before the Terms become valid.
    
    
27. The Terms are published in Czech and English versions. In case of different interpretations of language versions, the Czech version is binding and obligatory.
    
    

The Terms of Service were published on December 14, 2016. They came into effect on January 15, 2017, replacing any previous versions.

1. A person may become a user (service consumer) of CESNET Data Storage (DS) facilities only if the person is an employee or a student of an organisation that meets the “Principles for access to CESNET Large infrastructure (Access Policy)”, see http://www.cesnet.cz/doc/podminky.html (in Czech).
   
   
2. The user may only use data storage for data transfer and storage which are associated with activities in science, research, development, dissemination of education, culture and prosperity. For details, see “Acceptable Use Policy CESNET Large Infrastructure (Acceptable Use Policy, AUP)” which is an attachment of the Access Policy, see above.
   
   
3. CESNET Data Storage is operated by CESNET, http://www.ces.net/.
   
   
4. Users of DS services are organized in so-called virtual organizations (VO). VO has a manager and members. The VO manager and the DS administrators negotiate conditions of service use and technical means of user access to DS. Portfolio and the level of services provided to a specific user depends on user's membership in VOs. A user can be a member of multiple VOs.
   
   
5. Users of services that are accessible primarily with federated identities (e.g., FileSender and ownCloud) are considered to be members of a special VO administered by the DS administrator for the purpose of these Terms.
   
   
6. The level and basic properties of provided data services are expressed in the technical documentation on the website http://du.cesnet.cz. This site thus serves as a Service Level Declaration (SLD).
   
   
7. The requirements for non-standard configurations DS solve DS administrator with VO administrator. Such requirements may include providing specific access protocols, special handling of stored data (e.g., a single copy of the data on tapes considered sufficient, or on the contrary, data that require higher level of security, greater number of geographically separate tape replicas) or similar. The DS administrator may require the user to explain necessity and usefulness of such a configuration. The DS administrator decides the technical solution based on the purpose of required storage, required capacity, available capacity on the systems, type of data access and required quality of data protection.
   
   
8. DS is technically implemented as hierarchical. This means that it has a tier of fast disk arrays and a slower tape library and/or MAID (Massive Array of Idle Disks, i.e., disks that can be switched off). The data is automatically migrated among tiers based on migration policies. Data migration is transparent to the users, all the data appear to be on the disks. When migrated data is accessed, it has to be recalled by the system, i.e., migrated back to the disk arrays which takes some time. Reasons for this solution are economical; keeping the data on tapes or MAID is significantly less expensive in terms of operational costs.
   
   
9. Data migration policies are configured based on DS and VO administrators agreement, taking user needs into account as well as technical and economical aspect of storage operations. The users are advised to keep in mind that recall time of data that has not been used recently may be longer.
   
   
10. User access methods to the DS as well as authentication mechanisms are described in manuals available on https://du.cesnet.cz/.
    
    
11. DS administrators are entitled to require the users to demonstrate that the user is allowed to use the infrastructure as described in paragraph 1 of this Terms. This is usually demonstrated once a year by means of extending membership in the VO. The user is (repeatedly) asked to extend the VO membership by the account management system with an email sent to user's administrative mail contact. The notification also contains instructions how to perform membership handling. Typically, accessing with the eduID.cz federated account is sufficient for the operation. Alternative means are described in the documentation of the Hostel service.
    
    
12. Has user's VO membership expired, the DS administrator usually makes user's data inaccessible by means of access permission setting. The VO administrator can negotiate other means of handling of data of expired VO members. Such means must oblige the Terms of Service of the DS as well as the purpose of the VO. Six months after the user's VO membership expired, the DS administrator is entitled to delete data of the user in the particular VO. The data is usually deleted after much longer periods of time when technically possible on the storage facility.
    
    
13. The user with expired membership can ask the DS administrator to allow access to user's data via computer network for one-time download according to technical possibilities. The DS administrator will ask the user to give a proof that the user is a possessor of the data (e.g., by demonstrating a personal identification and demonstrating a previous membership to an organisation that is connected to the user in the user management system or other unambiguous proof).
    
    
14. The user is obliged to use the DS services taking other users into consideration.
    
    
15. The user is obliged to protect access with non-trivial passwords. Such passwords must not be a derivative (i.e., a simple mutation) of the data available about the user, and/or a derivative of a name of a person, animal or thing (even for simple mutations).
    
    
16. DS administrators are allowed to test passwords strength. In case of a positive result, the user will be notified through the secure channel and is required to change his password without delay (user's access can be suspended until the password is changed).
    
    
17. The user is obligated to notify via email addressed to support(at)cesnet.cz if he/she is aware or suspecting that the infrastructure was compromised, misused, access passwords disclosed, or in case of other events which may indicate a security incident, such as strange account behaviour, appearance or disappearance of files and so on.
    
    
18. The user agrees that information about users and their usage of the infrastructure are archived for the purpose of administration, operation, statistics, monitoring, and security.
    
    
19. The DS administrator is authorized to regulate or deny access of a user for administrative, operation, and/or security reasons. Has the user violated the Terms of Service and security rules in a severe manner, the DS administrator may deny access of such user to the infrastructure permanently.
    
    
20. The user may not provide access to the infrastructure to another person disclosing user's credentials (passwords, private keys, and so on). The user is obligated to keep access credentials in secret.
    
    
21. The user may not use DS in way that violates any laws (in particular copyright law and the law on the protection of personal data). The user may not bypass and/or attempt to bypass any administrative and/or security measures for access to DS.
    
    
22. The user should not enforce migrating data from tape to disks if this data is not intended to be used immediately. The users are advised to consult transfers of unusually large amounts of data with the DS administrator in advance.
    
    
23. Mechanisms of quotas are deployed on the DS, limiting the amount of data that can be stored by the user. The main purpose of quotas is to increase protection against user errors that could interfere with infrastructure operation. Quotas do not guarantee that the space is actually available in the infrastructure. Guaranteed data space reservations are not provided to individual users. Space usage is monitored by the accounting system for technical reasons.
    
    
24. DS is operated in “best effort” mode. DS administrators put the best effort possible to guarantee security and availability of data services and to safely store and keep data in the infrastructure. DS administrators guarantee that the protection of the data and overall modes of operation are state of the art of data technologies deployed in similar infrastructures. The DS administrators also guarantee high technological and moral standards of the technical personnel. High availability and security of the data services is supported by hardware component redundancy, security policies of the hierarchical systems, backups of required user data and also by means of technical and system support that is held by the technology supplier in 24×7 mode. The storage system architecture was designed for top level data retention (up to 99.99999999 %). The DS administrators do not declare other formal guarantees except the “best effort” described above.
    
    
25. The DS administrator declares that the devices deployed in the infrastructure are located in the Czech Republic.
    
    
26. DS administrator is authorized to change these Terms. A new version of the Terms is published on the web of CESNET association at least one month before the Terms become valid.
    
    
27. The Terms are published in Czech and English versions. In case of different interpretations of language versions, the Czech version is binding and obligatory.
    
    

The Terms of Service were published on December 18, 2014. They came into effect on February 1, 2015, replacing any previous versions.

1. A person may become a user (service consumer) of CESNET Data Storage (DS) facilities only if the person is an employee or a student of an organisation that meets the “Principles for access to CESNET Large infrastructure (Access Policy)”, see http://www.cesnet.cz/doc/podminky.html (in Czech).
   
   
2. The user may only use data storage for data transfer and storage which are associated with activities in science, research, development, dissemination of education, culture and prosperity. For details, see “Acceptable Use Policy CESNET Large Infrastructure (Acceptable Use Policy, AUP)” which is an attachment of the Access Policy, see above.
   
   
3. CESNET Data Storage is operated by CESNET, http://www.ces.net/.
   
   
4. Users of DS services are organized in so-called virtual organizations (VO). VO has a manager and members. The VO manager and the DS administrators negotiate conditions of service use and technical means of user access to DS. Portfolio and the level of services provided to a specific user depends on user's membership in VOs. A user can be a member of multiple VOs.
   
   
5. Users of services that are accessible primarily with federated identities (e.g., FileSender and ownCloud) are considered to be members of a special VO administered by the DS administrator for the purpose of these Terms.
   
   
6. The level and basic properties of provided data services are expressed in the technical documentation on the website http://du.cesnet.cz. This site thus serves as a Service Level Declaration (SLD).
   
   
7. The requirements for non-standard configurations DS solve DS administrator with VO administrator. Such requirements may include providing specific access protocols, special handling of stored data (e.g., a single copy of the data on tapes considered sufficient, or on the contrary, data that require higher level of security, greater number of geographically separate tape replicas) or similar. The DS administrator may require the user to explain necessity and usefulness of such a configuration. The DS administrator decides the technical solution based on the purpose of required storage, required capacity, available capacity on the systems, type of data access and required quality of data protection.
   
   
8. DS is technically implemented as hierarchical. This means that it has a tier of fast disk arrays and a slower tape library and/or MAID (Massive Array of Idle Disks, i.e., disks that can be switched off). The data is automatically migrated among tiers based on migration policies. Data migration is transparent to the users, all the data appear to be on the disks. When migrated data is accessed, it has to be recalled by the system, i.e., migrated back to the disk arrays which takes some time. Reasons for this solution are economical; keeping the data on tapes or MAID is significantly less expensive in terms of operational costs.
   
   
9. Data migration policies are configured based on DS and VO administrators agreement, taking user needs into account as well as technical and economical aspect of storage operations. The users are advised to keep in mind that recall time of data that has not been used recently may be longer.
   
   
10. User access methods to the DS as well as authentication mechanisms are described in manuals available on https://du.cesnet.cz/.
    
    
11. DS administrators are entitled to require the users to demonstrate that the user is allowed to use the infrastructure as described in paragraph 1 of this Terms. This is usually demonstrated once a year by means of extending membership in the VO. The user is (repeatedly) asked to extend the VO membership by the account management system with an email sent to user's administrative mail contact. The notification also contains instructions how to perform membership handling. Typically, accessing with the eduID.cz federated account is sufficient for the operation. Alternative means are described in the documentation of the Hostel service.
    
    
12. Has user's VO membership expired, the DS administrator usually makes user's data inaccessible by means of access permission setting. The VO administrator can negotiate other means of handling of data of expired VO members. Such means must oblige the Terms of Service of the DS as well as the purpose of the VO. Six months after the user's VO membership expired, the DS administrator is entitled to delete data of the user in the particular VO. The data is usually deleted after much longer periods of time when technically possible on the storage facility.
    
    
13. The user is obliged to use the DS services taking other users into consideration.
    
    
14. The user is obliged to protect access with non-trivial passwords. Such passwords must not be a derivative (i.e., a simple mutation) of the data available about the user, and/or a derivative of a name of a person, animal or thing (even for simple mutations).
    
    
15. DS administrators are allowed to test passwords strength. In case of a positive result, the user will be notified through the secure channel and is required to change his password without delay (user's access can be suspended until the password is changed).
    
    
16. The user is obligated to notify via email addressed to support(at)cesnet.cz if he/she is aware or suspecting that the infrastructure was compromised, misused, access passwords disclosed, or in case of other events which may indicate a security incident, such as strange account behaviour, appearance or disappearance of files and so on.
    
    
17. The user agrees that information about users and their usage of the infrastructure are archived for the purpose of administration, operation, statistics, monitoring, and security.
    
    
18. The DS administrator is authorized to regulate or deny access of a user for administrative, operation, and/or security reasons. Has the user violated the Terms of Service and security rules in a severe manner, the DS administrator may deny access of such user to the infrastructure permanently.
    
    
19. The user may not provide access to the infrastructure to another person disclosing user's credentials (passwords, private keys, and so on). The user is obligated to keep access credentials in secret.
    
    
20. The user may not use DS in way that violates any laws (in particular copyright law and the law on the protection of personal data). The user may not bypass and/or attempt to bypass any administrative and/or security measures for access to DS.
    
    
21. The user should not enforce migrating data from tape to disks if this data is not intended to be used immediately. The users are advised to consult transfers of unusually large amounts of data with the DS administrator in advance.
    
    
22. Mechanisms of quotas are deployed on the DS, limiting the amount of data that can be stored by the user. The main purpose of quotas is to increase protection against user errors that could interfere with infrastructure operation. Quotas do not guarantee that the space is actually available in the infrastructure. Guaranteed data space reservations are not provided to individual users. Space usage is monitored by the accounting system for technical reasons.
    
    
23. DS is operated in “best effort” mode. DS administrators put the best effort possible to guarantee security and availability of data services and to safely store and keep data in the infrastructure. DS administrators guarantee that the protection of the data and overall modes of operation are state of the art of data technologies deployed in similar infrastructures. The DS administrators also guarantee high technological and moral standards of the technical personnel. High availability and security of the data services is supported by hardware component redundancy, security policies of the hierarchical systems, backups of required user data and also by means of technical and system support that is held by the technology supplier in 24×7 mode. The storage system architecture was designed for top level data retention (up to 99.99999999 %). The DS administrators do not declare other formal guarantees except the “best effort” described above.
    
    
24. The DS administrator declares that the devices deployed in the infrastructure are located in the Czech Republic.
    
    
25. DS administrator is authorized to change these Terms. A new version of the Terms is published on the web of CESNET association at least one month before the Terms become valid.
    
    
26. The Terms are published in Czech and English versions. In case of different interpretations of language versions, the Czech version is binding and obligatory.