The Italian Node has been formally established as a Joint Research Unit (JRU), coordinated by the National Research Council (CNR), and includes several universities, research institutes, and public providers of Cloud and High Performance Computing (HPC).
ELIXIR-IT makes available, also to third parties (hereinafter Users), the use of Cloud Resources and data storage.
Hereinafter, “Resources offered by the ICT infrastructure of ELIXIR-IT,” within the shared services through the Compute Platform of ELIXIR-IT, refers to resources provided in IaaS, PaaS, SaaS, HPC, and data storage modes.
Access to the Platform is granted under the conditions listed in the Acceptable Use Policy, Terms of Use, QM Policy, and ELIXIR-IT Services Privacy Policy documents.

  1. The User declares to possess all the necessary technical knowledge to use the Resources provided by ELIXIR-IT and commits to ensuring that all those to whom they may grant access comply with the provisions set forth in this document and the documents listed in paragraph 3, indemnifying and holding ELIXIR-IT and the Service Provider harmless from any claims or demands for damages from anyone that may arise due to the violation of the aforementioned provisions and, in any case, due to the behavior of the User and/or the individuals to whom they have allowed access to the resources.
  2. Authorization for access is granted by the Service Manager or their delegate for a limited period corresponding to the duration of the relationship under which the use of the provided IT resources is permitted.
  3. The log files related to access to the services provided will be stored for a period of six months and made available to the Judicial Authority (AJ).
  4. The User/System Administrator is permitted to use the Resources in accordance with and within the limits of the Project/Agreement/Contract for which access has been granted.
    Therefore, it is prohibited:
    a. To use the Resources for commercial purposes or for profit, transmit commercial or advertising material (spamming), or allow third parties to use the Resources for these activities.
    b. To engage in activities that could damage, destroy, or compromise the security of the Resources or that are aimed at violating confidentiality and/or causing harm to third parties.
    c. To engage in activities aimed at circumventing the provisions of this document or those in paragraph 3 of this document or to obtain services in excess of those contracted.
    d. To use IP addresses other than those assigned.
    e. To create, transmit, or store images, data, or any other material that is offensive, defamatory, obscene, indecent, or that violates human dignity, especially if related to sex, ethnicity, religion, political opinions, or personal or social condition.
    f. To access or use any system without authorization, including attempts to scan and check for possible vulnerabilities.
    g. To forge TCP/IP packet headers, email messages, or any part of a message describing its origin or path.
    h. To engage in port scanning, network scanning, denial of service (DoS), and distributed denial of service (DDoS) activities.
    i. To host services that spread unauthorized traffic, such as open relays or TOR exit nodes.
    j. To engage in Virtual Currency Mining activities.
    k. To operate or run any type of game server.
  5. The Service Access Administrator undertakes, also on behalf of those to whom they have allowed access to the Resources, to use them exclusively for lawful purposes and in accordance with national, EU, and international law, as well as the regulations and customary usage of the networks and services accessed.
  6. The Service Access Administrator declares to be the exclusive administrator of the Resources (to the extent that the definition of administrator is applicable to the obtained Resources) and therefore the sole responsible party for:
    a. The management of data and/or information and/or content processed on the platform, its security, backup, and any activities necessary to ensure its integrity, undertaking to apply appropriate and adequate security measures.
    b. The content of information and data accessible and/or made available on the platform and, in any case, transmitted or made available online by the User.
    c. Any malfunctions of the Resources due to uses that do not comply with the provisions of this document.
    d. The loss or disclosure of access credentials.
    e. The management of access to the Resources, ensuring that the access credentials are changed at least every 12 months.
  7. The User and Service Access Administrator agree to promptly report any non-compliant use of the Resources as specified in this document or any security violations they become aware of.
  8. The User and Service Access Administrator agree, also on behalf of those to whom they have allowed access to the Resources, not to install software without a valid license.
  9. The User or Service Access Administrator is the sole and exclusive responsible party for any operation carried out without prior formal agreement with ELIXIR-IT, concerning the use, management, and administration of the Resources. In this regard, they undertake to:
    a. Comply with and ensure third parties comply with applicable laws, including the regulations regarding the protection of personal data as per EU Regulation No. 679/2016 and Legislative Decree No. 196/2003 and its amendments, as well as Legislative Decree No. 101/2018 and its amendments.
    b. Indemnify and hold ELIXIR-IT and the Service Provider harmless from any claims or damages, direct or indirect, of any kind or nature, made by any party.
  10. The User and Service Access Administrator agree to indemnify and hold ELIXIR-IT and the Service Provider harmless from any claims or damages caused to third parties through the use of the Resources, covering the costs, damages, and legal expenses arising from liability actions, and undertakes to inform ELIXIR-IT of any legal actions initiated against them.
  11. ELIXIR-IT and the Service Provider will not be held responsible under any circumstances for the use of the Resources in critical situations, including, but not limited to, risks to personal safety, environmental damage, harm to services for individuals, or damage to facilities.
  12. ELIXIR-IT and the Service Provider will not be responsible for any information, data, or content input, transmitted, or processed by the User/Service Access Administrator through the use of the Resources and are entitled to take any action to protect their rights and interests.
  13. The entity to which the User belongs remains the sole owner, under EU Regulation No. 679/2016 and Legislative Decree No. 196/2003 as amended by Legislative Decree No. 101/2018, of the data entered and/or processed on the Platform.
  14. ELIXIR-IT and the Service Provider reserve the right to activate automatic intrusion detection (IDS) and intrusion prevention (IPS) systems to detect and prevent security rule violations on the Platform.
  15. ELIXIR-IT and the Service Provider reserve the right to monitor compliance with the rules of this Policy, including monitoring network traffic and filtering systems on perimeter network devices.
  16. ELIXIR-IT and the Service Provider reserve the right to remove or block any content or resource that violates the provisions of this document.
  17. The User/Administrator is required to inform the Service Manager and include a thank you or citation to ELIXIR-IT and the Service used if any results, publications, posters, or abstracts arise from the use of the service provided by ELIXIR-IT.
  18. ELIXIR-IT and the Service Provider, at their discretion and without the possibility of the User contesting this as a breach or violation of any contract, reserve the right to suspend the availability of the Resources without notice in the event that:
    a. The User/Service Access Administrator violates any of the provisions in the Usage Policy.
    b. There are reasonable grounds to believe that the Resources are being used by unauthorized third parties.
    c. Cases of force majeure or circumstances that, at the sole discretion of ELIXIR-IT and the Service Provider, require emergency actions or security problem resolution, danger to the network and/or people or property; in such cases, the availability of the Resources will be restored when ELIXIR-IT has determined that the causes leading to the suspension have been addressed.
    d. The User is involved in any legal or extra-judicial civil, criminal, or administrative dispute related to acts or behaviors performed through the Resources.
    e. Suspension is required by the Judicial Authority.
  19. If users use ELIXIR-IT Resources for storing and processing human genetic data, compliance with the provisions of the GDPR and national legislation, including the measures outlined by the Data Protection Authority in the General Authorizations Nos. 1/2016, 3/2016, 6/2016, 8/2016, and 9/2016 as compatible with the Regulation and Legislative Decree No. 101/2018 is guaranteed.
  20. The transfer of human genetic data to access the services is carried out through protected communication channels, specifically requiring the use of an encrypted channel based on the SSH protocol for data transmission.
    a. Users access and can view genetic data only through login with User ID and Password.
    b. Users accessing the Resources:
    1. Must ensure that the use of the data does not violate any third-party rights.
    2. Must ensure the anonymization or pseudonymization of the data in compliance
    with the GDPR.
    3. Must ensure the separate processing of genetic and health data from other
    personal data that could identify the data subject.
    c. The entity/center to which the User belongs must appoint a data processing officer,
    if this specific service is used.
  21. In the event that research activities conducted using the services provided by the ELIXIR-IT Platform Compute lead to a publication/ poster/abstract or any scientific result submitted for publication, the user/Service Access Administrator agrees to cite the services
    used and ELIXIR-IT within the scientific publication.

    ELIXIR-IT reserves the right to modify this document in the future. The content of such new versions will entirely replace the current version and will have the same legal value. These new versions will be published on the ELIXIR-IT website (https://elixir-italy.org/) at least one month
    before they come into effect. Failure to accept the new version will result in the termination of the right to use the Resources.

Application notes:
This Terms of Use (ToU) and Acceptable Use Policy (AUP) template for services is intended to be a “Template” containing key requirements that should be common to all services offered by ELIXIR-IT, in compliance with current regulations.

  1. Each Service Provider can personalize the proposed documentation by adding their own identification and reference data.
  2. Each Service Provider customizes the document according to the services offered, excluding the application of the Terms to services that do not fall within the scope of the document.
  3. Each Service Provider must also add their own logo, in addition to the ELIXIR-IT logo.
  4. The ToU and AUP must be signed together with the Privacy Policy for the services and referenced in any contracts/agreements that govern access to the services.