���Ҵ�ý

���Ҵ�ý Technology Terms of Service

Background

These Terms of Service (“Terms”) apply to all individuals (“End Users”) using ���Ҵ�ý’s network, technology services, computing equipment, telecommunications systems, and other technology or communications platforms (“Services”). Unless otherwise stated, the Terms apply to all ���Ҵ�ý (“���Ҵ�ý”) End Users and Services.

Purpose

These Terms summarize the expected and appropriate use of ���Ҵ�ý Services. In some cases the Terms reference other applicable ���Ҵ�ý policies. End Users must comply with all applicable ���Ҵ�ý codes of conduct and policies when using the Services, including any ���Ҵ�ý policies not referenced here.



By using ���Ҵ�ý Services, End Users agree to these Terms, including the policies referenced herein.

If you have questions about these Terms, contact the ���Ҵ�ý Technology & Innovation (T&I) Support Center (704-894-2900, ti@davidson.edu, ).

Policy

Terms for All End Users

1) Purpose of Services: All Services are intended for academic, administrative, and non-commercial purposes related to the mission, objectives, and operations of ���Ҵ�ý. Accordingly, End Users should use ���Ҵ�ý Services in a manner appropriate for their intended use and in accordance with the College’s Statement of Purpose.

2) Requesting Exceptions to the Terms: These Terms include restrictions on the uses of Services to ensure that all Services are available for all End Users to the greatest extent possible. However, ���Ҵ�ý’s teaching, learning and research mission may from time to time contemplate uses of Services that would not comply with these Terms. ���Ҵ�ý T&I is committed to working with End Users to find alternative means of supporting such needs wherever possible. End Users concerned about a conflict between their desired uses of Services and these Terms should contact the T&I Support Center in advance to discuss any needed exceptions to these Terms or other policies.

3) Inappropriate Use of Services Prohibited: End Users must not use ���Ҵ�ý Services:

• For unethical, illegal or criminal purposes;

• For personal economic gain or unauthorized commercial purposes;

• In any manner that violates ���Ҵ�ý’s codes of conduct or policies, including those on discrimination and harassment. 

4) Examples of Inappropriate Use of Services: Inappropriate uses of Services include, but are not limited to:

• Creating, viewing, publishing, transmitting, recording, or storing any content or data that violates federal, state or local laws;

• Sending deceptive and false emails or electronic communications, or engaging in activities to defraud or trick someone;

• Sending "spam," chain letters, or any other type of unauthorized widespread distribution of unsolicited email (see ���Ҵ�ý’s guidelines on sending mass emails);

• For employees, using ���Ҵ�ý Services to support or oppose any candidate, party, or issue in an election for office or party nominations (see ���Ҵ�ý’s policy on political activity in the Employee Guide);

• Accessing, deleting, or modifying content including files and information to which the End User is not authorized;

• Gaining unauthorized access to or interfering with the operation of ���Ҵ�ý Services;

• Interfering with the normal and reasonable use of ���Ҵ�ý Services by others whether via ���Ҵ�ý-owned or personally-owned devices;

• Using ���Ҵ�ý services (such as ���Ҵ�ý’s network or computers) to gain unauthorized access to or interfering with non-���Ҵ�ý IT systems, websites and other Internet-accessible resources;

• Except where explicitly authorized by T&I, probing or scanning ���Ҵ�ý Services for security vulnerabilities or taking actions that may compromise the data or privacy of others (such as network packet captures) without the explicit authorization of T&I (see Section 11 below for more information);

• Copying or stealing computer software or proprietary information, or violating the copyrights of others (for more information, see the College Copyright Policy and guidelines);

• Deliberately altering or damaging ���Ҵ�ý Services, ���Ҵ�ý-owned devices, or the personally-owned devices of others.

5) Limited Personal Use Permitted: Reasonable personal use of ���Ҵ�ý-owned Services (such as computers and phones) with the approval of an employee’s supervisor is permitted, as long as it is performed in a safe, secure manner that otherwise complies with these Terms and other College policies.

6) Services Ownership and Privacy Expectations: Content on the Services may include ���Ҵ�ý-owned information (like college records and data) as well as information ���Ҵ�ý does not own (like student course submissions or content subject to the ���Ҵ�ý Intellectual Property Policy). In either case, ���Ҵ�ý Services are owned, operated and controlled by the College, and authorized staff including authorized third-party service providers may inspect and monitor Services including their content when necessary to responsibly manage and secure the Services or in response to authorized requests. 

• ���Ҵ�ý staff do not routinely inspect the content of emails, files and other content on the Services, but as the owner and operator of the Services, ���Ҵ�ý does reserve the right to do so without advance notice to or the consent of End Users. End Users should have no expectation that any information created, transmitted, recorded, stored or posted on the Services will remain private. 

• ���Ҵ�ý implements and uses automated security services to detect and block Internet sites, email messages, and other content that are known or likely to contain malware or other information security threats.

• ���Ҵ�ý maintains activity logs on ���Ҵ�ý Services in accordance with technology and security best practices. (See the Log Retention Guidelines for details.)

• For more details, see the College Access to Electronic Communications Policy.

7) End User Credentials: Access to most ���Ҵ�ý Services requires a username/email address and multiple security factors (such as a password and a cell phone or security key). End Users may never post or share their credentials with other persons, including parents and family members, and must contact ���Ҵ�ý’s T&I Support Center if they believe their account or credentials have been lost, stolen or compromised. Some Services are available to college guests or parents using separate login methods.

• ���Ҵ�ý staff may temporarily suspend End User accounts, devices or access to Services if we suspect or detect evidence of password or account compromise or other threats to the security of our Services.

8) Security and Configuration of Connected Devices: ���Ҵ�ý provides network, internet and related telecommunications services to End Users, including to ���Ҵ�ý-owned devices assigned to or used by them, and to End Users’ personal devices. Devices should be connected to the appropriate wireless or wired network for that type of device.

• ���Ҵ�ý-owned devices are managed and secured by authorized ���Ҵ�ý staff. End Users are not permitted to disable, circumvent or change security and management settings on these devices.

• End Users may connect allowed personally-owned devices to network services, and are responsible for ensuring the devices have the latest security updates provided by the manufacturer or software vendor and, where appropriate, updated anti-virus and security software. 

• End Users may not connect devices running end-of-life, unsupported, or insecure software to the ���Ҵ�ý network or Services. ���Ҵ�ý may disconnect or deny network access and other Services to such devices.

• Some devices may never be connected to the ���Ҵ�ý network, or connected only with permission. Consult the  (���Ҵ�ý login required) or contact the T&I Support Center for more information.

• While ���Ҵ�ý staff make every effort to deliver network services that are secure, ���Ҵ�ý cannot guarantee that malicious users or other parties are unable to intercept electronic communications. All users of network services should use secure, encrypted protocols and technologies for communications and applications, particularly those where End Users or ���Ҵ�ý are at risk if communications are breached or intercepted.

9) Telecommunications Services: ���Ҵ�ý is not responsible for cellular/mobile phone connectivity services provided by cell phone providers, and End Users should be aware that there is no guarantee of uninterrupted coverage on campus. Areas of no cellular coverage may exist in some places. ���Ҵ�ý recommends that End Users enable “WiFi calling” or equivalent features on their mobile phone if supported by the carrier. End Users are responsible for ensuring that they register an E911 location/address with their carrier as required.

• Employees who are issued a campus telephone number and/or desk phone are responsible for updating their E911 location when they change office/work locations by contacting the T&I Support Center or updating their location in the phone system through self-service means, if available. 

• ���Ҵ�ý reserves the right to contact End Users by phone, SMS or similar methods to verify or restore End User access to Services or for other operational purposes as appropriate.

10) Personal and Departmental Internet/Web Services and Domain Names: ���Ҵ�ý provides web hosting services for personal identity and other types of content. The End User requesting such services, or their department, is responsible for ensuring these services comply with the Terms.

• Any subdomain of davidson.edu (such as somesite.davidson.edu) or any domain name that implies a ���Ҵ�ý affiliation (such as somedavidsondepartment.org) must be approved by College Communications or their designee.

• All publicly accessible websites affiliated with or linked to by the college must comply with ���Ҵ�ý policies on accessibility. (See the Web Accessibility policy.)

• All websites or Internet-facing services affiliated with or hosted by the college must be hosted in a location approved by T&I. The developer of the website/service is responsible for the effort and costs to update the site over time, including ensuring that security vulnerabilities are addressed in a timely fashion to T&I standards, and addressing end-of-life or obsolete technologies. 

• Restricted or Confidential data as classified in the Data Security Policy may not be hosted on personal/departmental Internet services or websites without the explicit permission of T&I.

• Sites and services that do not meet these requirements may be limited to on-campus use only or disabled, as appropriate.

11) Reporting Security Issues or Malicious Content: End Users who receive a potentially malicious or dangerous email (such as one seeking to steal ���Ҵ�ý credentials) or emails or other content containing viruses or malware should immediately report the event to the T&I Support Center. End Users who encounter a vulnerability or security issue in a ���Ҵ�ý Service must cease using the Service immediately and contact the Support Center. Abuse or exploitation of vulnerabilities on ���Ҵ�ý Services is explicitly prohibited.

12) Compliance with Export Control Laws: ���Ҵ�ý provides Services primarily for our operation as a residential liberal arts campus. Students, faculty and staff who access Services outside the United States or transport College-owned technology equipment internationally are responsible for understanding and complying with export and import regulations, including those that prohibit transporting or using encryption or other regulated technologies in prohibited countries. Contact the College’s office of general counsel for more information.

13) Non-Compliance with These Terms: ���Ҵ�ý may temporarily or permanently suspend End User access to some or all Services for actual or potential violations of these Terms or other ���Ҵ�ý policies, or as required by law. End Users in violation of these Terms or ���Ҵ�ý policy may also be subject to further disciplinary action by ���Ҵ�ý and/or the Honor Council, as well as legal action by the proper authorities where violations of state or federal law are involved.

Additional Terms for ���Ҵ�ý Employees (Including Student-Employees)

The following Terms apply to ���Ҵ�ý faculty, staff, contractors and other employees, including student-employees in their employment capacity.

14) Responsibility for the Security of ���Ҵ�ý Information: Information, data and other content that is owned by ���Ҵ�ý is intended solely for the authorized use of employees to conduct ���Ҵ�ý business. All employees are responsible for ensuring they are accessing, using and storing data in accordance with ���Ҵ�ý policy. 

• Some ���Ҵ�ý information is protected by law, regulation, contract, or ���Ҵ�ý policy in ways that restrict its use, access, download and sharing. 

• All employees who may access or create non-public information or information about persons other than themselves are expected to read, understand and comply with the Data Security Policy and Data Privacy Statement.

• ���Ҵ�ý employees with access to Restricted and Confidential information as defined in the Data Security Policy must transmit and store such data only on approved, encrypted Services and encrypted ���Ҵ�ý-managed devices only; may not store such data on personally-owned devices; and should use additional security such as encryption or VPN when transferring or accessing such information over public networks;

• All employees or students who are responsible for maintaining or managing information systems (including IT systems, servers, applications or other technology services that use ���Ҵ�ý Services including hosting and the campus network) are expected to read, understand and comply with the Information Systems Security Policy.

15) Responsibility for the Security of ���Ҵ�ý Services including Computers/Devices: All employees with access to ���Ҵ�ý Services are responsible for exercising appropriate caution and following best practices to ensure the security of such Services, including but not limited to any laptop, desktop or other computer issued to them. This includes:

• Physically securing computers and devices, including securing one’s workspace and taking special care with portable devices to avoid their theft or loss;

• Returning any devices or removable media to T&I when no longer needed or at end of employment to ensure it is securely erased or destroyed in accordance with ���Ҵ�ý standards;

• Accepting and installing operating system, software and other updates on devices and other Services in a timely manner to minimize security vulnerabilities and protect device and Services from compromise;

• Not circumventing any cybersecurity and backup software implemented by T&I on devices and Services;

• Requesting approval from T&I before implementing any technologies allowing devices on the campus network or other Services to be accessed from outside the campus network (e.g. remote control software);

• Logging off Services and devices when no longer in active use, and locking devices when stepping away from an office or workspace so that others may not access them;

• Reporting any security concerns in a Service or device in a timely fashion.

16) College Purchases of Technology: T&I is responsible for all technology purchases at ���Ҵ�ý.

• All ���Ҵ�ý-owned technology devices (including computers, servers, tablets, research equipment, etc.) must be purchased by ���Ҵ�ý T&I regardless of funding source, and must be returned to ���Ҵ�ý at the end of its service lifespan or when its assigned End User is no longer affiliated with ���Ҵ�ý. For more details, see the Computer Workstation Purchasing policy.

• All other Services (including software applications hosted at ���Ҵ�ý as well as IT services provided and hosted by a third-party or vendor) must be reviewed and approved by T&I. No contract involving technology may be signed without review of the Chief Information Officer or their designee. For more details, see the ���Ҵ�ý Technology Purchasing Guide.

17) Termination of Access Upon Departure: All access to ���Ҵ�ý Services ordinarily ends automatically following the end of a faculty or staff appointment at the college. Accounts are deactivated and later deleted according to an automated schedule based on role and date 

of departure; contact the T&I Support Center for details. It is the responsibility of departing faculty and staff and their supervisors to arrange the orderly transition of files, emails and other content from the employee’s account for ongoing departmental or college use. The College Access to Electronic Communications Policy (requires ���Ҵ�ý login) also provides for supervisors, managers and department chairs to access departed employees’ files and other content before account deletion if required.

• Faculty who are granted emeriti status may be eligible to retain access to select Services including their email account and a computer. During the transition to the applicable emeriti status, the faculty member must work with T&I to ensure that any confidential College data are transferred securely or erased and no longer accessible, and any College software is removed from computers that are used off campus. Additionally, any technology products or services (such as websites, apps or other services) developed or maintained by retiring faculty should be transitioned to another responsible faculty member or department for ongoing maintenance, or should be archived during the transition process.

• Managers who wish to maintain departing employees’ access beyond their last day worked may request guest access, but should contact Human Resources to ensure that any needed contractor agreements, non-disclosure agreements, etc. have been signed.

18) Guest Access: Authorized End Users may request access for guests, contractors, vendors and others requiring credentials to access ���Ҵ�ý Services. The End User who approves and sponsors such access (“Sponsor”) is responsible for ensuring that Sponsored Guests comply with all ���Ҵ�ý policies including these Terms, and for terminating credentials and all access to Services when no longer needed.

19) No Unauthorized Third Party Disclosure: Employees receiving subpoenas, legal demand letters, law enforcement requests, or other inquiries for data or information from ���Ҵ�ý Services may take no action on such requests without the approval of their division head and/or General Counsel.

Administration of Policy

The CIO shall oversee this policy and review it at least once every two years. Changes to this policy shall be made in accordance with the college’s Policy on Policies.

Last Revised: April 2022