Rules and regulations
Charter of rights and duties applicable to all persons undergoing or who have undergone training at HEC Paris regarding their use of HEC Paris IT and Library Resources
This charter applies to all users of HEC Paris IT and Library Resources.
The term "User" applies to all persons undergoing training or who have received training provided by HEC Paris, regardless of where they may be located, whether on the premises of the institution (classroom, resource room, common areas, their residence, etc.) or externally when using Resources (at home, company internship, seminars, etc.),
the term “IT Resources” shall refer to all computer software and equipment, storage resources, information resources for site analysis or management, means of information exchange, servers, and networks owned or operated by HEC Paris, which may for instance be accessed remotely, whether directly or by links from the network administered by HEC Paris,
the term “Library Resources” shall refer to all software, databases and online access licenses of the documentary resources which may be accessed remotely, or directly,
and the term “Resources” applies collectively to IT Resources and Library Resources.
Terms of access
The use of the Resources and the connection of computer equipment to the network are subject to authorization by the HEC Paris IT Department. Such use is contingent upon the allocation of a username to each User.
The use of Resources is conditional upon the acceptance of this charter and may only be used by Users
The means of access to Resources (username, password, card, etc.) grant specific rights defined in particular on the basis of the training course curriculum corresponding to each User. These rights are granted only for the duration of the training provided by HEC Paris, with the exception of certain services that may be offered to the User post-graduation.
The means of access are granted on a strictly personal basis, and must under no circumstances be disclosed to any third party, including any other User. Each User is therefore responsible for all acts performed using his or her credentials. If these are lost or stolen, the User agrees to contact IT support, which will take all such measures as may be considered necessary.
HEC Paris provides the User with an email account.
The User is responsible for the proper use of the email service made available to him/her and agrees to comply with the guidelines set forth in this charter for the duration of their use of the email service.
HEC Paris may also make changes to the email service (closing of related services, changes to settings, changes to the email system). In this case, the User agrees to accept changes made by HEC Paris and to facilitate related operations.
If a User’s training is terminated without graduation, for any reason whatsoever, their right of access will be eliminated and their email account closed without notice.
The use of the email system is intended to facilitate communications as part of training activities or job searches. The email system must not be used for professional, commercial or community association-related purposes in any way, with the exception of student associations within HEC Paris.
After graduation, the User shall retain a right of access to their email account and to certain related services. These services are temporary and may be interrupted at any time. However, HEC Paris may not be held responsible for any malfunction or interruption of the service. Moreover, HEC Paris reserves the right to discontinue this service for post-graduate Users at any time. In such case, HEC Paris agrees to provide notice to the User at least three (3) months prior to the effective termination of access. It will be the sole responsibility of the User to collect and recover any items contained in the email account.
The obligations of the Charter shall apply for the duration of the use of the email system, including after the User’s graduation. The User may terminate these obligations by requesting the closure of their email account (see the 'unsubscribe' section below).
Access to Resources is strictly limited to the following activities:
- educational and/or research activities,
- HEC Paris student association activities.
Any use for projects not explicitly within the scope of HEC Paris’ activity is strictly prohibited, except by prior written approval of the HEC Paris Administration.
It does not in any way constitute a personal or private space. It is especially prohibited to use Resources to perform any work, whether remunerated or not, for individuals or entities foreign to HEC Paris.
When using computer rooms located on the campus of HEC Paris, the User must:
1. be able to prove their identity with their badge,
2. refrain from consuming food or drinks.
The use of Resources must be reasonable and fair, in order to prevent overloading or abuse.
The owners of any personal computer equipment are solely responsible for its connection to HEC Paris’ networks, and it is incumbent upon them to take the proper precautions (antivirus, data protection/backup).
If the User makes a request for IT support, including for their own equipment, such action implies a waiver of the right to confidentiality regarding the correspondence and data contained in the computer. IT Support will need to report any activity likely to involve significant impact or risk (legal, regulatory, technical, legal, financial, or branding related) for HEC Paris.
The portion of the IT environment facilitating collaborative work, including the email system, is hosted in a cloud. The applicable rules regarding the confidentiality of data are those applied by the cloud service provider for all the services it hosts, and are available on its website.
It also directly manages the email system’s logs and its antivirus and anti-spam system. For such purpose, it collects the User’s personal data. By using this service, the User accepts that the personal data thus captured will be hosted outside the European Union. To protect their attachments or documents stored within this collaborative space, the User agrees to archive them using 7ZIP type tools using AES256 encryption.
As HEC Paris’ connection to the Internet is provided through the operator RENATER, all Users are under an obligation to respect the principles and recommendations for usage and security established by RENATER, whose code of ethics may be found at www.renater.fr .
Observance of property rights and licenses
The User is prohibited from making copies of the software programs placed at their disposal, or making any use thereof in breach of the requirements of their authors or the company that makes them available to HEC Paris.
Self-service workstations are regularly erased. The User is authorized to download data in compliance with laws on intellectual, literary and artistic property.
The reproduction and/or diffusion of any commercial software, database content, and in general of any literary, artistic or musical work, for any purpose, is strictly prohibited and constitutes infringement punishable by law.
Responsibility for content
The User is responsible for any material they choose to write or post online. They are solely responsible for any removable media (CDROMs, USB drives, portable hard drives, etc.) belonging to them. The use of the HEC Paris graphic charter of the website, logos, and trademarks is contingent upon prior approval by the HEC Paris Administration.
The User agrees to:
1. not broadcast or publish any content which they have not authored, or for which they do not have written authorization from the author, and to not forward externally any messages disseminated on HEC Paris networks that are confidential in nature or contrary to the rules of this charter,
2. not make any use outside their training activity of the personal data and educational content to which they are granted access,
3. use the email system only as a specific tool for communications between individuals, and not as a tool for the generalized dissemination of information,
4. not harass other users by unwanted communications or display/distribute illegal information (abusive, pornographic, defamatory, or racist material, etc.)
5. not attempt to read, modify, copy or destroy data for which they are not responsible, except as otherwise authorized,
6. refrain from undermining the image or interests of HEC Paris by the nature of their communications or activities.
Contributions to social media and websites
Statements made by the User in their contributions to social media and websites regarding HEC Paris and their teachers must be of a reasonable nature.
The User is prohibited from disclosing any information known to them as a result of their affiliation with HEC Paris, and from disclosing the contact information of persons working there.
Resources security compliance
HEC Paris has implemented security measures to protect its Resources and the personal data posted online.
The User agrees to comply with these safety measures, and in particular commit to not attempting by any means whatsoever to undermine the integrity of Resources, whether in regard to the educational, self-service, or residential resources provided, and not to engage in any activities likely to hinder their proper functioning. The User agrees in particular to not modify the working environment of other users, and to not attempt to access user areas other than those that have been assigned to them.
The User agrees to not:
1. introduce data or programs likely to disrupt the proper functioning of Resources,
2. attempt to intercept communications between Users.
Use of Resources
Each User agrees to:
- report any attempted breach of their account and, generally, any anomaly that they may observe,choose a secure, confidential password, and to change it regularly,
- install an updated antivirus program on their computer and apply all publisher updates for the security of their computer’s operating system,
- only use the amount of disk space that is strictly necessary, and make optimum use of the file compression resources available,perform processing activities requiring the heavy use of Resources (printing large documents, major calculations, intensive network usage, etc.) at such times as would tend to least burden the other Users,
- take responsibility for any rights they give to other Users at their station(s), or in the spaces made available to them by HEC Paris.
- use any account (username) other than the account through which they have access rights,
- engage in activities intended to deceive other Users in regard to their identity,attempt to appropriate or decrypt other Users’ passwords
- attempt to limit or prohibit access to Resources by authorized users,
- leave their workstation or self-service station without logging out or locking the machine,
- develop programs that self-replicate or attach to other programs (computer viruses)
- modify common computer equipment, whether in regard to hardware or software.
If the User observes any malfunction or abnormality in the resource they are using, they must notify the teacher in charge or the IT Support Department, indicating the station in question and the nature of the anomaly.
Any physical displacement of the equipment or modification of the procedures for the connection of the hardware to the electrical, telephone, or computer networks without prior written consent from the IT Department of HEC Paris is prohibited.
The User agrees to not engage in operations likely to result in:
- an interruption of the normal operation of the network or one of the systems connected to the network,
- access to another network user’s information without their agreement,
- the alteration or destruction of the information contained in one of the systems connected to the network.
Role of administrators and usage controls
System / network / DBMS / web administrators are personnel who manage the machines connected to the HEC Paris network and the servers where the various services available to the User are installed (Internet Services, management applications, educational services, research and documentation services). For such purposes, and as required for maintenance and technical management, the use of Resources and communications via the network may be analyzed and monitored by administrators, in accordance with applicable legislation.
For this purpose, they have:
- the right to take any steps necessary to ensure the proper functioning of the Resources of HEC Paris,
- the right to access such information as may be necessary for administrative and diagnostic purposes within the systems or networks they administer,
- the right to establish monitoring procedures covering all tasks performed using the Resources, in order to detect breaches or attempted breaches of this Charter
- the duty to inform the User, to the extent possible, of any necessary action likely to disrupt or interrupt the normal use of the Resources,
- the possibility of consulting data published in public and private spaces a posteriori such as for example on websites, collaborative workspaces, or forums made available for educational purposes, and to report any behavior in breach of this charter,
- the obligation to preserve and respect the confidentiality of the private information of which they have become aware in the course of their activities,the right to take any protective measures (system shutdowns, removal of access rights, file locking, etc.) that may be necessary to prevent overloading of resources, or run a snapshot operation in case of problems related to system security,
- In case of any breach of this charter or emergency situation, the right to take any protective measures (including the suspension of access to the network or the Resources in whole or in part) that may be necessary, without prejudice to any possible penalties that may result.
All actions conducted using the network and workstations are traced and permit the identification of the author. In particular, as part of precautionary measures intended to prevent the overloading of resources, to take a snapshot during any problems related to system security, where administrators may save a variety of information, particularly emailrelated information (sender, addressee(s), dates, log-in times) or to the web sites accessed. This type of tracing is used only for technical purposes. However, in the context of legal proceedings, these files may be made available in court.
Ensuring the smooth operation of Resources is the responsibility of the IT Department of HEC Paris, which may in such capacity:
1. Access the electronic messages sent or received by a User,
2. Analyze the documents placed on the network or a workstation.
Non-compliance with the principles set forth in this charter may incur:
- a limitation or termination of access to IT Resources and/or to the Library Resources, and, if applicable
- disciplinary sanctions under the internal regulations applicable to any person undergoing training at HEC Paris,criminal sanctions under the laws in force.
Modifications to the charter
HEC Paris may unilaterally modify this charter at any time, in particular for purposes of compliance with new legal or regulatory provisions. In such case, HEC Paris will provide notice to the User.
After graduation, the User may choose to terminate their enrollment and eliminate their email account by sending an email to IT support at firstname.lastname@example.org. They will then be contacted to prove their identity, before the elimination of their @hec.edu mailbox and email address. They will then no longer be subject to this charter.
This charter supersedes all other documents or charters regarding the use of Resources.
Law 78-17, referred to as the “computing and freedoms” law of July 1978 on Access to Administrative Documents; the 1985 Law on software protection; the law of January 5, 1988 on computer fraud; the Renater Charter; Law No. 88-19 of January 5, 1988 on computer fraud, LCEN: Law n° 2004-575 of June 21, 2004 on trust in the digital economy; HADOPI 1, Law n° 2009-669 of June 12, 2009; HADOPI 2, Law n° 2009-1311 of October 28, 2009; DADVSI, Law n° 2006-961 of August 1st, 2006.
The library’s rules and regulations can be download in PDF format here