Terms of use MagentaCICD (ICTO-20567, APP-34629)

§ 1 Version and change history

§ 2 General notes

The group guidelines and regulations on data protection and data security of DT AG are valid.

§ 3 Works council approval

The MagentaCICD system has an approval by KBR until December 31, 2020. The regulations of the Pilot KBV IT systems apply. The MagentaCICD system may not be used to monitor performance and behavior.

§ 4 Purpose

1. MagentaCICD provides a standardized tool set for IT developer teams.
2. The in this case recorded data are used excluding the comprehensibility and quality assurance. Any form of collection and evaluation of data of the users, whose actions and activities that are used for other purposes than for the error location and for the maintaining of the regular operation are not allowed.
3. The comments fields used in GitLab are to be used exclusively for the contents-related comment of the operation steps.
4. MagentaCICD offers Codesharing as service. Attention is to be paid to it, that the released contents suffice the specifications and/or recommendations of data protection and data security.

§ 5 Data protection, data security and supply accounts

1. Based on the PSA procedure, an SDSK (security and data protection concept) was created and released for MagentaCICD (categorization B, protection class “internal”).
2. For the services provided (repositories, storage), the Workbench user must comply with the group-wide data protection and data security guidelines, which depend on the respective protection class. The MagentaCICD user is responsible for complying with the above-mentioned specifications for all data in the “internal” protection class. Data with higher protection classes is not permitted. In general, no customer-related productive data may be stored, regardless of the protection class.
3. The “need-to-know” principle applies to the content stored in the MagentaCICD in accordance with the data protection rules. Content may only be stored for business purposes.
4. an account shall be provided to the users of MagentaCICD. This provides access in accordance with the rights and roles concept.
5. The user acknowledges that in order to ensure stability, temporary data (e.g. workspaces of the build agents) shall be regularly checked and, if necessary, permanently removed.
6. In connection with the administration of the accounts and rights, the data first name, last name and mail address and company are stored. The data will not be passed on to third parties. When an account is deleted, these data are also deleted.GitLab records all accesses that occur through a Git client. So all activities at a repository are stored in its version history. In particular, the user’s name and email address configured by the user in the Git client are stored here.Due to the anti-counterfeiting nature of a git repository, this data cannot be deleted or made anonymous. The version history of a repository is completely deleted when the repository is deleted. In the so-called “Activity Stream” GitLab records all actions of a user on a project/repository. These activities are permanently visible to all group or project members. This also applies to other project-specific Gitlab data (issues, merge requests, wiki, snippets). In order not to lose this important project data, Gitlab accounts are deactivated when a MagentaCICD account is deleted and are not deleted.
7. Access to MagentaCICD is via a website. This website uses cookies (session cookies) and similar technologies that are only required for basic functionality. Session cookies are small text files that are temporarily stored on your computer and saved in your browser, e.g. for portal login. They enable basic functions such as navigating through the pages, switching between services without repeated login or accessing secure areas of the website. The legal basis for these cookies is Art 6 1 b) DSGVO.

§ 6 Obligations as a user of MagentaCICD

1. The use of MagentaCICD is only permitted if you as a user accept these Terms of Use. This is done when you log on to the system for the first time and when the Terms of Use are changed.
2. Your MagentaCICD account is personal and may only be used by yourself. Your username (domain account) and access token and are to be protected from access by third parties and may not be passed on.
3. The respective user is responsible for the data and content stored in the MagentaCICD.
4. Projects or groups deleted by users can NOT be restored. Special care shall therefore be taken with this functionality.
5. The user may be blocked in the event of violation of the terms of use or misuse.
6. If the user creates his own projects, the owner obligations apply accordingly.

§ 7 Obligations as owner of a GitLab Group in the MagentaCICD

As the owner of a GitLab group, you are responsible for assigning and maintaining the roles/rights of MagentaCICD users. External employees and partners of the Deutsche Telekom Group may use the MagentaCICD only after appropriate registration and release. This may only be done on an individual basis. The Necessity of NDAs (non disclosure agreements) must be examined and, if necessary, ensured by the project. An owner of a GitLab group may appoint additional owners. The new owners added in this way must be made aware of their obligations as owners. In addition, there are owners of groups and projects in the Gitlab service. They are managed independently within Gitlab. Gitlab groups and projects must be created as “Private”. Unless you want to allow read access.

§ 8 Further Development and Availability of MagentaCICD

The provider reserves the right to change and expand the content and structure of the platform as well as the associated user interfaces and tools if this does not or only insignificantly affect the fulfilment of the purpose. For important reasons, short-term maintenance windows (e.g. for security updates) may become necessary. Therefore, MagentaCICD is not available in such cases. The Provider shall inform the users accordingly about the changes and maintenance windows.