Terms of Use and Access to the GARR Cloud
This document describes the characteristics and conditions for accessing the GARR Cloud and its services (hereinafter also referred to as Services). It constitutes Annex 2 to the Agreement for access to cloud resources signed by GARR and the University/Entity that adheres to the agreement, hereinafter generally referred to as University/Entity.
Premises
- GARR Cloud Technical Support. This is the technical group that administers and manages the resources of the GARR Cloud.
- Domain. A "Domain" is assigned to the University/Entity, to which all the resources assigned to it refer.
- Project. The resources within each domain are distributed across one or more projects. Each project may, in turn, contain sub-projects. Platform users access the projects assigned to them. The structure thus defined is called a Virtual Data Center (vDC).
- Domain Administrator. The University/Entity shall designate a person as "Domain Administrator", who will be granted rights to perform administrative tasks for the Domain’s resources, in particular the creation/deletion of projects and sub-projects, redistribution of quotas, and assignment/revocation of users to (sub-)projects. The Domain Administrator is also the point of contact for the University/Entity regarding security incident reports from GARR-CERT, CERTs of other organizations, and judicial authorities as communicated by the GARR Cloud technical support.
- Management and Security. The management of the infrastructure used to provide the Platform is certified according to ISO 27001 standards, applying procedures to (i) ensure the security of the infrastructure and the confidentiality of the Application and User Data, (ii) protect against known hazards or threats to the security or integrity of the Application and User Data, and (iii) protect against unauthorized access to or use of the Application and User Data.
- Data Location. If requested, the Domain Administrator may be given the option to select a geographical region, among those available, where the storage and computing infrastructure hosting the Services provided to the University/Entity is located. In any case, the available geographical regions are located within Italian territory.
- User. The Services are intended for the Italian academic and research community (students, professors, researchers, collaborators, etc.) and are offered only to users of the University/Entity who request registration ("Account" request), using one of the Identity Providers accepted by the Platform. The Domain Administrator of the University/Entity may assign users to projects.
- Account. Each user of the cloud platform is assigned an Account to use the Services and authorization Tokens to perform specific operations. The User is responsible for the security and use of their Account.
1. Proper Use (Acceptable Use Policy - AUP)
Users and the Domain Administrator are responsible for the activity that occurs within the projects assigned to them. The University/Entity and its Users must not use any method to circumvent these Terms of Use or to obtain resources exceeding those agreed upon with GARR and must use only those computing, memory, storage, and IP address resources assigned by GARR.
A User associated with a Domain who suspects or becomes aware of unauthorized use of their Account must immediately notify the Domain Administrator and GARR technical support.
The GARR Cloud Services are made available to the University/Entity to support its institutional educational, research, and academic activities. The use of the Services must comply with these Terms of Use and the GARR Network AUP. It is expressly prohibited to use the Services in any way:
- That violates applicable laws.
- That is inappropriate, defamatory, offensive, harassing, threatening, or obscene.
- That infringes any patent, trademark, copyright, trade secret, or other proprietary rights of any party.
- That sends pyramid schemes, chain letters, or unsolicited messages or advertisements.
- That promotes or facilitates illegal activities and/or incites violence against any group or individual.
Any harmful use of the Services that hinders the use of the Services themselves or other third-party services, or exploits vulnerabilities to gain illegal access to systems or for data theft, is prohibited. Specifically but not exclusively:
- It is forbidden to act in any way to inhibit or block services, servers, or networks interconnecting them or to violate the procedures, policies, or regulations of such networks.
- Any action or attempt to violate the Platform’s authentication and authorization mechanisms is prohibited.
- It is forbidden to spread malware and/or computer viruses for any purpose, such as exploiting vulnerabilities or data hijacking.
- It is forbidden to expose any vulnerability that could enable harmful activity, even if not directly related to the software hosted on the platform (e.g., attack reflection, DDoS).
- Port Scanning, Network Scanning, Denial of Service, and Distributed Denial of Service attacks are prohibited.
- The use of the Services for phishing activities is prohibited.
- Hosting servers that distribute unauthorized traffic, such as open relays or TOR exit nodes, is prohibited.
- Cryptocurrency mining and any long-running computational programs (e.g., Bitcoin, etc.) are prohibited.
- It is forbidden to use/maintain any game servers.
- Supporting third parties in illegally violating the Services or in any way contrary to these Terms of Use is prohibited.
- Removing any copyright, trademark, or other proprietary notices for any content used within the Services is prohibited.
2. Copyright, Trademark, Patent, or Trade Secret
Users may not use the Services in violation of third-party copyrights, trademarks, patents, or trade secrets, nor may they use the Services to publish such materials in a way that would make them publicly visible in violation of the law.
The University/Entity and its users are responsible for ensuring that the distribution and use of software through the GARR Cloud computing resources comply with the license and usage terms of the software's intellectual property owner.
3. Suspension or Termination
If the University/Entity and/or the Domain Administrator become aware of, or are informed by GARR Cloud technical support that an Application, Project, or Data violates the AUP or these Terms of Use, they must immediately suspend the Application and remove the relevant Data (if applicable). In cases of violations requiring particular urgency, GARR shall have the right to disable the Project or Application and/or immediately disable Accounts (as applicable) until the violation is corrected.
4. Privacy
The processing of personal data is carried out in full compliance with privacy regulations under applicable Italian and European laws, in particular the General Data Protection Regulation (GDPR - EU Regulation 2016/679).
Further details on the processing of personal data are described in Annex 4 to the Agreement for access to the GARR Cloud.
5. Warranties and Limitation of Liability
GARR assumes no responsibility for the content and data distributed through the Services. The responsibility for the legality of the content/data or the means of their use rests solely with the University/Entity.
GARR will take all reasonable and necessary measures to prevent abuse, damage, loss of content and data, and even temporary unavailability; however, GARR cannot exclude such possibilities and assumes no responsibility in any case. The University/Entity, through its Administrator and Users, must protect its data by performing its own backups in the manner deemed most appropriate to mitigate the risk of loss. GARR cannot be held liable under any circumstances for data loss or unavailability for any duration during the use of the Services, nor for consequential damages. Furthermore, GARR does not guarantee nor assume any responsibility for the accuracy of data available through the Services.
Opinions expressed in texts published through the Services do not represent the official opinions of GARR, which cannot be held responsible for their content.
GARR does not control or monitor in any way the content of distributed information and data, therefore GARR disclaims any responsibility for the possible distribution on its network of products, services, or content whose ownership or distribution constitutes a copyright violation or other offense. GARR evaluates requests for Cloud resources and services following the applicant’s execution of a risk analysis and assessment process for personal data processing security, pursuant to Article 32 of the GDPR, according to a methodology indicated by GARR, such as the one proposed by ENISA. GARR reserves the right to reject the request if the risk emerging from the aforementioned process is deemed unacceptable. The requesting entity must perform a new risk assessment and promptly inform GARR in case of modifications.
6. Confidentiality
The user of the University/Entity must keep confidential all confidential information to which they are granted access and shall cooperate with GARR’s commitment to maintaining confidentiality. The user of the Entity must not publish or distribute to third parties information or documentation provided by GARR for the operation and maintenance of its systems, including materials contained in quotations, invoices, work orders, or other similar materials.