Menu

Close

Quick links

Terms of Use

These Terms of Use apply to all Laurea equipment, IT services, and their use. They also apply to services and access rights obtained through Laurea.

Ohita sivuvalikko
Student’s Guide

Terms of Use

Reviewed by the Co-operation Negotiation Committee of Laurea University of Applied Sciences on 17 February 2021, updated 1 September 2025

1. Scope of the rules

Laurea has a duty to ensure the availability, confidentiality and integrity of the information required by all users and user groups belonging to the community in Laurea’s operations, and to provide a reliable and secure environment for information processing. It is also Laurea’s duty to enable students to progress smoothly in their studies, to ensure equal supervision and treatment, and to minimize abuse.

These and other rules have been drawn up to help users belonging to different groups identify the rights, responsibilities and obligations related to their access rights. Even inadvertent neglect of obligations related to access rights may endanger the integrity, confidentiality and/or availability of the data owned by users.

These rules apply to all information systems under the administration of Laurea or otherwise under Laurea’s responsibility and their use, and for users also to other services whose use or access rights have been obtained through Laurea. The rules also apply to workstations in general use at Laurea and to all devices connected to Laurea’s network.

All users of Laurea’s information technology must, in addition to the applicable regulations, comply with these and other rules and instructions observed at Laurea. Use that violates these or other rules concerning the use of information systems will be handled in accordance with Laurea’s sanctions procedure for IT violations.

The current version of the usage and other information security rules is published on the intranet on the pages of the IT services.

2. Updating the rules

Laurea’s terms of use are reviewed regularly to reflect changes in services or legislation. IT administration is responsible for monitoring and updating them.

3. General principles

Actions contrary to this guideline or to other policies and instructions concerning the use of an information system may result in temporary or permanent suspension of access rights.

The key principles guiding all use and the interpretation of the rules are:

  • All authorized users shall have access to reasonable and appropriate use of the services.
  • No harm or damage may be caused to devices, information systems, users or data on the communications network.
  • Privacy must be respected.
  • Use must comply with applicable regulations and be ethically acceptable.
  • Publishing, transmitting or distributing illegal or offensive material and unnecessarily burdening system resources is strictly prohibited.
  • Assigning devices provided by Laurea for work tasks to outsiders, e.g. family members, is prohibited.
  • Laurea work tasks must be carried out using devices provided by the employer unless otherwise agreed with the supervisor.

4. Restrictions on use

Laurea’s information systems are intended as tools for tasks related to studying, research, teaching or administration at Laurea University of Applied Sciences. Other use requires a separate agreement, e.g. a research permit.

Use of Laurea’s information systems and user accounts for political activity is prohibited. Exceptions are Laurea-related elections and the activities of staff trade unions, etc. Commercial use other than on behalf of Laurea is permitted only with a separate permit.

5. Personal use

Personal use is permitted to a limited extent and only insofar as it does not

  • cause harm to Laurea’s information systems, the data they contain, devices or users
  • necessitate changes to Laurea’s data processing environment
  • be in conflict with the rules and guidelines issued for a particular system or general use.

Sending or forwarding chain letters, advertisements, spam, fundraising or similar content by e-mail is prohibited.

Laurea e-mail addresses must not be used to register for services unrelated to work or studies.

Personal material must be kept clearly separate from material related to Laurea’s core activities. 

Staff must, to ensure their own privacy, keep personal material clearly separate from work-related material. Personal material should be stored in folders named so that the privacy is clearly evident (e.g. personal, private or private-matters).

6. User responsibility

All users of the services are responsible for the overall security of Laurea’s information systems and for using information only for purposes appropriate to their task/role.

  • Unauthorized acquisition or use of information in information systems, or attempts to do so, is prohibited. For example
    • creating lists or registers of users of Laurea’s IT services or their data
    • searching for and reading data and files containing confidential material
  • If a user accidentally gains access to information intended for others or belonging to others, exploiting, copying or distributing it is prohibited. Such an event must be reported to the system maintenance staff and/or the concerned user and a security notification must be made on the intranet (Act on Electronic Communications Services 917/2014).
  • Access rights must not be used to search for security vulnerabilities, unlawfully break encryption, monitor or copy or alter communications, or to intrude into other systems, directories or services.

All users must do their part to ensure common information security. This also concerns protecting one’s own privacy.

Observed or suspected information security shortcomings and abuses must be reported immediately in accordance with the given instructions. Laurea staff must complete mandatory information security and data protection training within one month of the start of employment. The training is part of the induction programme and the person is responsible for completing it within the deadline. Failure to complete the training has consequences and may result in the user account being locked until the training is completed. The training is carried out in a Canvas workspace, with a link available in the staff intranet.

Observed or suspected information security shortcomings and abuses must be reported immediately in accordance with the given instructions.

IT administration monitors the data processing environment and strives to protect all users from malware, spam and attempts to penetrate systems or individual workstations. Monitoring practices are described in the Principles for monitoring the data processing environment document. Users must also take care of information security by following the instructions provided, which are collected in the Security and Data Protection section.

In online teaching situations where a student’s competence must be reliably and authentically verified, separate proctoring methods may be used in accordance with the online teaching information notice. Use of user accounts is required in systems used for online teaching in accordance with the provided instructions.

IT administration takes care of backups of Laurea’s common information systems and their data. In addition, Laurea offers users the possibility to back up files (OneDrive), but is not responsible for damages caused by possible loss of files. Ultimately, the user is responsible for classifying their data and for backing it up.

The user has a duty of confidentiality regarding the content of systems, their usage methods, protection methods and features.

7. Connecting to Laurea’s network

Only devices owned by Laurea, approved and registered by the network administrator may be connected to Laurea’s internal communications network. When connecting devices to the network, the instructions given by IT administration must be followed. A separate wireless network is reserved for visitors’ own devices. Physical network connections are always handled by Laurea’s IT administration (e.g. workstations).

8. Access rights and user accounts

An access right to Laurea’s IT services is created when the user account is activated. Access rights and user accounts are activated independently using strong authentication. For users who cannot be identified electronically, a representative of Laurea’s staff will verify identity when handing over a user account.

The user is granted access rights to Laurea’s common information systems. The right is based on the user’s position at Laurea or it may, if necessary, be granted to a person not belonging to Laurea’s staff or student body, such as a visitor. A visitor may be granted limited rights to computers in shared use in Laurea premises.

Rights to systems with restricted use are granted separately on a case-by-case basis.

The prerequisite for an access right is that the user undertakes to comply with these rules and other instructions and regulations related to use. The user must familiarize themselves in advance with the user instructions and rules concerning the system.

  • The person is responsible for any harm or damage caused by the use of their account.
  • Falsifying identity and using another person’s account is prohibited.
  • Access rights are personal and must not be transferred.
  • If there is reason to suspect that a password has fallen into someone else’s hands, the password must be changed, Laurea Service Desk must be contacted immediately (tel. 09 8868 7112, servicedesk@laurea.fi) to block the identifier, and a security notification must be made.
  • Passwords must be changed periodically and must be sufficiently complex. IT administration forces password changes at regular intervals in accordance with current practices.

9. Validity of access rights

An access right expires:

  • when the user no longer has an employment or student relationship with Laurea
  • when a temporarily granted access right expires
  • when the user’s status changes so that there is no longer justification for access to that information system.

A user account is closed when

  • the access right for which it was granted ends
  • there is no longer a need for it
  • there is justified suspicion of its misuse or of a compromise of information security

Necessary measures before termination of access rights:

  • Staff must transfer work-related messages and files as necessary to the person agreed with the supervisor to ensure continuity of work. This also applies, where appropriate, to a student who has worked in e.g. research groups.
  • The user must ensure the proper transfer or deletion of the data owned by their user account.

10. Legislation governing the use of Laurea University of Applied Sciences’ information systems

  • Archives Act (831/1994)
  • Act on the Openness of Government Activities (JulkL, 621/1999)
  • Act on the Protection of Privacy in Working Life (TETSL, 759/2004)
  • Criminal Code (39/1889, Chapters 35:1,2 §; 38:2 §; 38:3−4 §; 38:8 §)
  • Constitution of Finland (731/1999, Sections 10-12)
  • Copyright Act (404/1961)
  • Universities of Applied Sciences Act (932/2014)
  • Data Protection Act (1050/2018)
  • EU General Data Protection Regulation (2016/679)
  • Act on Electronic Communications Services (917/2014)
  • Act on the Management of Government’s Information (906/2019)

11. Guidelines

12. Appendices (links missing, should they be links or attachments)

  • Principles for monitoring Laurea’s data processing environment
  • Sanctions procedure for IT violations