Introduction
anDREa is committed to protecting the security of data in Workspaces, users and Tenants related data, and anDREa’s own business information.
The purpose of this document is to describe anDREa’s Terms of Service (ToS). The ToS is a legal document that covers expected user behaviour and the rules for users when using the myDRE Shared Tenant.
This document will be updated at least annually and when a significant change happens to the relevant areas covered.
Terms of Service
All DRE users are required to abide by these Terms of Service (ToS) when using the Azure DRE Shared Tenant (Azure DRE). This encompasses the use of any Azure resources governed by the DRE system including but not limited to:
https://www.mydre.org/,
https://support.mydre.org/; any underlying API connections; virtual desktops; Azure Batch accounts; blob and file storages; or databases.
For all users
By using the Azure DRE, where applicable you agree to adhere to the rules set by ‘Medical Research Involving Human Subjects Act’ (WMO, Wet Medisch Onderzoek), Medical Treatment Agreement Act (‘Wet Geneeskundinge Behandelovereenkomst’, WGBO), the ‘Code of conduct for Health Research’ (Code goed gedrag, Federa), the General Data Protection Regulation (‘Algemene Verordening Gegevensbescherming’ GDPR/AVG), Good Clinical Practice (GCP).;
Keep your user name and password secure and do not share your Azure DRE credentials with anyone else;
- Confidentiality: High
- Integrity (of data): Medium
- Availability: Medium
Usage of myDRE is further constrained by the organization that is responsible for the Workspace, please consult the intranet site of the respective organization by searching for the page: What type of work is allowed on myDRE?
A workspace life cycle ends when it is deleted or at the end of an archiving period (by default 20 years). A workspace accountable is responsible for proper disposal of the workspace by either requesting the workspace to be deleted or requesting it to be archived, by also supporting a number of archiving years financially;
myDRE is to protect data from unauthorized access and modification, to limit unauthorized access or modification, e.g. by having ports open or obtaining access via authorized users, to the compromised Workspace.
myDRE is designed to be safe with the normal use of authorized users. myDRE is not designed to withstand malicious intent of authorized users; the main body of the users’ characteristics are: extremely intelligent, skillful and resourceful with the mindset to proof something that others, past and presence, deemed impossible or have not considered before, hence:
- Do not attempt to circumvent security measures set by the system. This includes, but is not limited to, downloading data from workspaces or moving data between workspaces using resources outside the system; forcing entry to systems or interfaces; hacking; and (identity) fraud;
- Abuse of the system (e.g. *.mydre.org, discussion platforms, support.mydre.org, or *.helpmydre.org) or other misuses within myDRE in any way, shape or form, can result in a permanent ban at the discretion of the anDREa;
Activities on the platform will be logged and may be used to identify suspected misuse. Such information will be stored along with the workspace and live for at least as long;
White hackers are only allowed to help to improve the security and robustness of Azure DRE when they agree to the terms and conditions and are explicitly granted by the CTO of anDREa, for more information submit a ticket via
support.mydre.org.
Users are free to make use of provided software packages or bring their own licensed programs to use on myDRE virtual desktops, although limitations may be in place to prevent such software from activating or accessing resources outside myDRE. No guarantees are given that such software will work and limited support is available for any software other than the software provided by default on the platform. It is the responsibility of the Workspace Accountable to ensure that relevant software license terms and conditions are met of software used in their Workspaces.
For workspace accountable
The final responsibility of workspace contents lies with the workspace accountable. He/She is responsible for both contents and activities that take place within the Workspace but also for the costs incurred due to used resources. Microsoft Azure directly bills Azure consumption to the organization, anDREa is not involved in this.
As the responsibility for adhering to the rules set by WMO/GCP lies with individual users, Workspace Accountables take full responsibility by proxy when inviting other members to their workspace, over that what can be expected of registered researchers covered by their own institute or clinicians;
When inviting users to their workspace, workspace accountable have the duty to check whether the person they are inviting is the correct person.
If you have any questions on the items above, feel free to contact your myDRE Support Team via