EULA
version: OMNIA_001
1. |
TERMS AND CONDITIONS FOR PARTICIPATION IN THE TURRIS PROJECT (DATA COLLECTION) |
1. |
THE SUBJECT AND PURPOSE OF THE PROJECT
|
1.1. |
The TURRIS Project is a research project of CZ.NIC, z. s. p. o. Association, with Business ID No. 67985726,
and headquarters at Milešovská 1136/5, Prague 3, Czech Republic (hereinafter as "the CZ.NIC Association").
The purpose of this project is to protect home networks via a special router
(the TURRIS OMNIA router, hereinafter as the "Device").
|
1.2. |
The Device enables the execution of remote automatic updates and monitoring, analysis and collection
of information on security incidents related to computer networks, particularly the Internet.
Detailed information is available on the project website www.turris.cz.
|
2. |
PARTICIPATION IN THE PROJECT (DATA COLLECTION)
|
2.1. |
The Owner or user of the Device (hereinafter referred to as the "Owner") participates in the project
under these terms and conditions by actively volunteering to enable data collection, which is performed
by enabling this feature in the user interface. By turning this feature on, the Owner agrees with
the Device‘s involvement in monitoring, analysing and collecting information in accordance
with these terms and conditions, and undertakes to allow the CZ.NIC Association to perform activities
described in these terms and conditions throughout the duration of participation in the project.
|
2.3. |
The Owner is entitled to terminate their participation in the project at any time without giving a reason,
by disabling the feature on the Device interface.
|
2.4. |
The CZ.NIC Association is entitled to terminate the Owner’s participation in the project or the project itself
at any time without giving a reason, even without prior notice to the Owner.
|
3. |
DATA COLLECTION BY THE DEVICE
|
3.1. |
The CZ.NIC Association is authorised to monitor and collect data passing through the Device for the purpose
of security analyses and generating statistics. The following data will be monitored and collected:
|
|
3.1.1. |
data identifying the communication protocol, the source and destination (technical description - data at the level
of packet headers especially allowing to differentiate IPv4/IPv6 or TCP/UDP, packet type, to identify the source
and destination address, source and destination port, time of the communication)
|
|
|
3.1.2. |
data from the application layer, that have the nature of metadata (e.g. the contents of the DNS packets,
HTTP protocol header, certificates used within the initialisation of TLS connection, etc.), solely provided
that they are essential for the security analysis and under the conditions set out in Article 3.2,
|
|
|
3.1.3. |
session statistics, including packet size, the protocol used, the volume of data transferred under a single session and
|
|
|
3.1.4. |
data from the logs of unauthorised accesses from the firewall to the extent corresponding to the Article 3.1.1.
|
|
3.2. |
The monitored and collected data will not include the content of communication (the internal packet content).
The CZ.NIC Association undertakes not to monitor or collect data on the content of communications,
including personal data, passwords and the like, which are contained in the transmitted packets,
with the exception of data analysis according to Article 3.1.2.
|
3.3. |
For the purposes of testing the network connectivity (e.g. the analysis of the network service availability)
the CZ.NIC Association shall be entitled to establish a connection between the Device and third party network devices.
The CZ.NIC Association undertakes to keep the volume of the such generated data streams to the necessary minimum
and not to use this service in conflict with the rights and legitimate interests of the owners/operators of the target devices,
as well as the Owner.
|
3.4. |
The CZ.NIC Association is only entitled to monitor and analyse the network traffic between the internal network and the Internet,
the traffic within the internal network is not monitored in any way, nor analysed.
|
3.5. |
The CZ.NIC Association is also entitled to collect, monitor and analyse technical data regarding the Device status, in particular:
|
|
3.5.1. |
Data on temperature, voltage and current from the Device´s internal sensors,
|
|
|
3.5.2. |
the use of CPU and RAM, capacity and health (i.e. bad blocks) of internal flash memory,
|
|
|
3.5.3. |
errors (application log listings) in software pre-installed by the CZ.NIC Association or software installed
by the CZ.NIC Association in the Device during the Owner’s participation in the TURRIS project.
|
|
4. |
MANAGEMENT WITH THE OBTAINED DATA
|
4.1. |
The CZ.NIC Association undertakes to analyse the data to the maximum possible extent directly in the Device
if possible with respect to the analysis nature, and to only transfer results obtained from such analysis
to servers under the direct supervision of the CZ.NIC Association. In other cases, only the data that cannot be
directly processed on the Device will be transferred to servers under the direct supervision of the CZ.NIC Association.
Data transfer from the Device to servers under the direct supervision of the CZ.NIC Association will take place
over an encrypted connection with explicit checking of the server certificate.
|
4.2. |
The CZ.NIC Association undertakes to store the data obtained from the Device within a dedicated data repository,
accessible to only a limited number of employees of the CZ.NIC Association authorised to carry out the tasks
under these terms and conditions.
|
4.3. |
Data collected for analysis purposes will be stored separately from the database of Owners. During the analysis,
the CZ.NIC Association employees have no access to the information about the Owner, but only to the unique identification
of the Device. Connecting the information obtained through the Device, and the identity of the Owner is only possible
for displaying the selected information (especially logs and statistics) to the Owner via a web interface of the project,
or to inform the Owner about a possible security incident or threat where, for example, the risk is of such a nature
that informing about the results of the analysis using the general form of communication would be insufficient.
|
4.4. |
The CZ.NIC Association is entitled to store and process the obtained data only during the period of time necessary for the analysis
and processing thereof, but not longer than 10 days (unless the user sets otherwise in the project web interface) from their acquisition
from the Device. After that time the CZ.NIC Association is entitled to store and process only aggregated data not allowing
simultaneous identification of the source and destination of the communication. This obligation does not apply to the technical data
described in Article 3.5 of these terms and conditions, which the CZ.NIC Association is entitled to store and process without restriction.
|
4.5. |
The CZ.NIC Association is entitled to provide data to third parties, in particular to inform them about potential security risks,
but always in such a manner that such data does not allow for any unambiguous identification of the Owner. Third parties may also
be provided with data obtained by analysing traffic on the Device for the purpose of further research, development and information sharing
which is important to the objectives of the project under these terms and conditions (e.g. the exchange of data concerning malware).
In such cases, however, the data must always be anonymised, making it impossible to identify a specific Device from which they came from,
or their Owner.
|
4.6. |
The CZ.NIC Association undertakes to provide a statistical overview of information to the Owner derived from the data collected
on the Device upon their request. This overview will also be available to the Owner on the user site of the project.
|
4.7. |
The CZ.NIC Association is not liable for any damage incurred by the Owner as a consequence of suspicious data flows,
malicious network traffic or external attack. The purpose of the Device is primarily monitoring, analysis and
collection of information about security incidents, research activities in the area of network security and activities
leading to improvements in this area. In any case the CZ.NIC Association does not provide to the Owner with protection
against network attacks, malicious data flows and other security incidents that may occur within the Internet network.
|
5. |
OBLIGATIONS OF OWNER'S INVOLVED IN THE PROJECT
|
5.1. |
In the event that the Owner allows the Device to be used by other people, then they are required to inform such people
about the Device features under these terms and conditions, and also on the extent and manner of handling the data obtained
under these terms and conditions.
|
5.2. |
The Owner acknowledges that any modifications or changes to the Device’s software system (e.g. installation of additional software)
may limit or completely prevent from working the functionality described in these terms and conditions.
|
5.3. |
The Owner acknowledges and agrees that, for the purposes of fulfilling the subject and purpose of the project,
under these terms and conditions, there will be data transfers to and from the Device. The volume of such transfers
is made available on the Project user site, at least for the previous time period (usually a calendar month),
and it usually does not exceed 500 MB per calendar month. All payments for data transfers through the Device,
will be paid for by the Owner in full, and the Owner shall not be entitled to any refund of the costs or any part
thereof from the CZ.NIC Association.
|
5.4. |
The Owner is not entitled to interfere in any way with communications between the Device and the CZ.NIC Association servers,
nor to communicate with the CZ.NIC Association servers designed to collect data from the Device outside the automatic communication
between the Device and these servers.
|
6. |
PERSONAL DATA PROCESSING
|
6.1. |
The Owner declares to be thoroughly acquainted with the subject and purpose of the project in accordance with these terms and conditions
and objectives of the project, and agrees to the processing of their personal data which the CZ.NIC Association obtains
under these terms and conditions to the extent necessary to achieve the subject and purpose of the project under these terms and conditions.
The Owner also declares that the data provided are correct and undertakes to notify their changes to the CZ.NIC Association
without undue delay.
|
6.2. |
The Owner is entitled to ask the CZ.NIC Association for information regarding the processing of their personal data,
which shall be provided without undue delay.
|
6.3. |
Should the Owner discover or suspect that the CZ.NIC Association is processing the Owner´s personal data that is inconsistent
with the protection of private and personal life or in conflict with the applicable legislation, especially if the data are inaccurate
with regard to the purpose of their processing, the Owner is entitled to require explanations from the CZ.NIC Association, as well as
removal of the situation (especially by blocking, correcting, supplementing or destroying of the personal data).
|
6.4. |
The Owner agrees to the use of their e-mail address for sending information about the project and other the CZ.NIC Association
activities related to the project. The information will not be sent more frequently than once a week and the Owner will have
the option to refuse their further sending in accordance with law.
|
6.5. |
The Owner acknowledges that the analyses under these terms and conditions are advisable to be carried out on the largest possible range
of the Devices in various types of networks. It is therefore recommended to use the Device as the main access point to communicate
with the Internet, in accordance with its purpose, throughout the duration of participation in the project, 24 hours a day, 7 days a week,
preferably under a public IP address. If the Owner places any other network element, for example modem, in front of the Device,
it is recommended to configure this device to be fully transparent in terms of network traffic.
|
7.1. |
Communication between the Owner and the CZ.NIC Association is done electronically through the e-mail address of the Owner provided
during the registration process in the project. For communication with the CZ.NIC Association the following e-mail address
info@turris.cz is used.
|
7.2. |
The CZ.NIC Association is entitled to change these terms and conditions at any time. CZ.NIC is obliged to disclose
the change in these terms and conditions at least one month before the effective date of such change, by publishing
the changes on http://www.turris.cz and notification displayed in the Device’s web interface
and notification of this change sent to the email address of the Owner. The Owner is entitled to refuse the changes
in these terms and conditions by terminating the participation in the project in accordance with Article 2.3 of
these terms and conditions. If the Owner continues to participate in the Project after the effect of changes
in the terms and conditions, then they agree with the change.
|
7.3. |
Any amendments, reservations, limitations or variations to these terms and conditions are excluded.
|
7.4. |
The relationship between the CZ.NIC Association and the Owner is governed by the laws of the Czech Republic.
|
Do you want to join the project?
Join in!