WiFi terms of use

Purpose

Avaloq and its Subsidiaries (Avaloq) are providing Internet access and WiFi for use in work-related activities for all guest and employees to do work related to Avaloq. This policy regulates the use of these IT resources and access to the Internet. It includes information on using systems securely and on the correct and secure processing of data.

Area of Application

This policy applies to all guests and employees of Avaloq companies, employees of external companies which have a contractual relationship with Avaloq (including consultants) and, as a matter of principle, everyone that Avaloq allows to use its IT resources. Subsequently called “user”.

Internet Usage

Ethical principles

User are expected to use the Internet responsibly and productively. The Internet may not be misused. In particular, the downloading and/or circulation of information with racist, pornographic or otherwise offensive or illegal content via the Internet is strictly prohibited and will be dealt with accordingly. All sites and downloads may be monitored and/or blocked by Avaloq if they are deemed to be illegal harmful and/or not acceptable.

Content disclaimer

By using Avaloq internet service, every user acknowledges and agrees that there are significant security, privacy and confidentiality risks inherent in accessing or transmitting information through the internet, whether the connection is facilitated through wired or wireless technology. Security issues include, without limitation, interception of transmissions, loss of data, and the introduction of viruses and other programs that can corrupt or damage computer and data. Accordingly, every user agrees that the owner and/or provider of this network is NOT liable for any interception of transmissions by computer worms or viruses, loss of data, file corruption, hacking or damage to their computer or other devices that result from the transmission or download of information or materials through the internet service provided.

Property rights

Information on the Internet is generally subject to copyright or other property rights. For this reason, no data (e.g. text, images) that belongs to a third party may be used unless it is altered in such a way that the copyright no longer applies.

Logging

Prerequisites for Logging

Frequently it is not possible to separate log data from a user name. This is why logging necessarily relates to individuals. When logging is carried out, the confidentiality of the content and the user is preserved within the framework of the requirements defined here.

Limitation on the use of log data

Log data is subject to stringent limits on how it can be used. It is only used for the purposes that gave rise to its being logged in the first place.

Within Avaloq the recording and analysis of user activities carried out by system software is used for the following purposes:

• To guarantee the security of data and systems
• To analyse and correct technical defects in the system
• To optimise the systems
• To ensure compliance with the "Acceptable Use Policy"
• To provide evidence if misuse is suspected
• For use in criminal investigations

4.2 Further Processing of Log Data

Log data may only be passed on either to the units defined under the current processes or, in some cases, to units specified by the Legal department.

In all cases the log files must be treated as confidential and must be protected accordingly against unauthorised access.

The following principles must be observed:

• All log files are to be analysed and checked in accordance with predefined criteria.
• Log files must not be inadvertently recycled, and existing entries must not be unintentionally overwritten (e.g. through "denial of service" attacks).
• Effective access restrictions must be implemented in line with the defined limits on the use of log data. The log files must only be available, logically and physically, to authorised individuals, and access of this kind must be logged accordingly.
• Employees are informed that random checks are carried out.

Access to Log Data

It there is a well-founded suspicion of misuse, Avaloq IT and the Security Officer are entitled to view personal data. However, analysis of this personal data requires approval by or on behalf of the Head of Human Resources and may only be carried out by defined individuals within the analysis process. Access to log data relating to an individual is restricted and is also logged.

Retention of Log Data

The retention period for log data is defined on the basis of the legal requirements and the data protection legislation. The standard to be applied here is the "necessity for performing the task in question". Log data may therefore be retained for a limited period for the purposes of securing evidence. Thereafter there is an obligation to delete the data.

The following regulations apply:

• Log files from servers and network components are to be retained in accordance with the available storage space. The recommended retention period is one to six months or as long as the files are required for operational security purposes.
• Log files resulting from access to log data relating to a specific individual are to be retained for one year.

The retention period and format are to be defined in binding terms for each type of log. If logs are generated for the purpose of targeted checks, shorter retention periods may be considered. As a rule, it is sufficient if the files are retained until the check is completed.

Misuse

Avaloq and its Subsidiaries understand "misuse" as any breach of this policy. Users must comply with this policy and are obliged to inform Avaloq IT or their line manager without delay if they suspect that misuse is occurring.

Sanctions

Non-compliance with this policy can result in damage (e.g. through breaches of personal rights, copyright, data protection or business secrets) for which those who have committed the offence can be held responsible under both criminal and personal law.

Exceptions

The regulation owner may waive, absolutely or conditionally, any requirements of this regulation on a case-by-case basis in exceptional circumstances.

Network and Internet usage guideline

By using Avaloq internet service, you hereby expressly acknowledge and agree that there are significant security, privacy and confidentiality risks inherent in accessing or transmitting information through the internet, whether the connection is facilitated through wired or wireless technology. Security issues include, without limitation, interception of transmissions, loss of data, and the introduction of viruses and other programs that can corrupt or damage computer and data. Accordingly, you agree that the owner and/or provider of this network is NOT liable for any interception of transmissions by computer worms or viruses, loss of data, file corruption, hacking or damage to your computer or other devices that result from the transmission or download of information or materials through the internet service provided.

Examples of Illegal Uses

1. Spamming and invasion of privacy - Sending of unsolicited bulk and/or commercial messages over the Internet using the Service or using the Service for activities that invade another's privacy.
2. Intellectual property right violations - Engaging in any activity that infringes or misappropriates the intellectual property rights of others, including patents, copyrights, trademarks, service marks, trade secrets, or any other proprietary right of any third party.
3. Accessing illegally or without authorization computers, accounts, equipment or networks belonging to another party, or attempting to penetrate/circumvent security measures of another system. This includes any activity that may be used as a precursor to an attempted system penetration, including, but not limited to, port scans, stealth scans, or other information gathering activity.
4. The transfer of technology, software, or other materials in violation of applicable export laws and regulations.
5. Export Control Violations
6. Using the Service in violation of applicable law and regulation, including, but not limited to, advertising, transmitting, or otherwise making available ponzi schemes, pyramid schemes, fraudulently charging credit cards, pirating software, or making fraudulent offers to sell or buy products, items, or services.
7. Uttering threats;
8. Distribution of pornographic materials to minors;
9. and Child pornography.

Examples of Unacceptable Uses

1. High bandwidth operations, such as large file transfers and media sharing with peer-to-peer programs (i.e.torrents)
2. Obscene or indecent speech or materials
3. Defamatory or abusive language
4. Using the Service to transmit, post, upload, or otherwise making available defamatory, harassing, abusive, or threatening material or language that encourages bodily harm, destruction of property or harasses another.
5. Forging or misrepresenting message headers, whether in whole or in part, to mask the originator of the message.
6. Facilitating a Violation of these Terms of Use
7. Hacking
8. Distribution of Internet viruses, Trojan horses, or other destructive activities
9. Distributing information regarding the creation of and sending Internet viruses, worms, Trojan horses, pinging, flooding, mail-bombing, or denial of service attacks. Also, activities that disrupt the use of or interfere with the ability of others to effectively use the node or any connected network, system, service, or equipment.
10. Advertising, transmitting, or otherwise making available any software product, product, or service that is designed to violate these Terms of Use, which includes the facilitation of the means to spam, initiation of pinging, flooding, mail-bombing, denial of service attacks, and piracy of software.
11. The sale, transfer, or rental of the Service to customers, clients or other third parties, either directly or as part of a service or product created for resale.
12. Seeking information on passwords or data belonging to another user.
13. Making unauthorized copies of proprietary software, or offering unauthorized copies of proprietary software to others.
14. Intercepting or examining the content of messages, files or communications in transit on a data network.

User compliance

The user accepts that violating of these terms of use may result in termination of access or disciplinary action and/or appropriate legal action.