Terms of use for providers using Feide

1. About Feide and Uninett

Uninett is an independent, non-profit entity owned by Unit — the Norwegian Directorate for ICT and Joint Services in Higher Education and Research.

Uninett provides the infrastructure of the knowledge sector and is an active partner in the effort to digitize education and research. Uninett develops and provides the digital foundation that makes world-class research and education possible in Norway.

Feide is a national solution for secure log-in and data sharing in education. With Feide, users get secure and correct access to a number of digital services with only one user name and password. 

Feide makes it possible to share data securely and easily, while also protecting privacy. The service offers improved oversight and control of the dataflow, and it facilitates for data-driven innovation.

For more information about the service, go to www.feide.no.

1.1. About the terms of use

These terms of use regulate terms for providers integrating with Feide. The provider gains access to Feide’s customer portal (Customer Portal) upon accepting the terms of use for providers.

Before any provider can integrate with Feide, an authorized representative of the provider must accept these terms.

 

2. Who can use Feide?

All providers of education-related services, or services that offer added value for individuals or institutions affiliated with the education sector, can use Feide.

The provider’s use of Feide must at all times comply with Norwegian law.

 

3. Reliability

Feide was designed to serve as critical infrastructure in the education sector. All components have redundancy and can normally be updated with no downtime. The various components have different availability, depending on the component’s criticality and use. Please go to www.feide.no for more information about the various components.

The service is monitored 24/7 by Uninett’s operations centre.

 

4. Integration

4.1. About the terms of use

Technical documentation for integration of a service with Feide can be found here: docs.feide.no.

4.2. Registration of Feide services

The provider must register its services in the Customer Portal. The provider must register all of the information marked as required in the Customer Portal.

4.3. Using ID-porten for authentication

Log-in using ID-porten is not available until the service provider specifically requests to make this option available for its services by contacting support@feide.no.

Log-in using ID-porten is only permitted for services that satisfy ID-porten’s requirements.

4.4. Integration with eduGain

Integration with eduGain may make the service more accessible for international students. If the provider wants to integrate with eduGain, the service and the provider must satisfy eduGain’s requirements.

Service providers choosing to allow international log-ins via eduGAIN, must also comply with the terms of the GÉANT Data Protection Code of Conduct.

4.5. Information material

In the interest of user-friendliness and universal design for the users of Feide, it is important to make sure the visual presentation and user interface generates trust. Uninett prepares and maintains user-oriented information about Feide and graphic elements providers should use when connecting to Feide. Updated information material is available at www.feide.no.

 

5. Maintenance

5.1. Continuous maintenance

Minor changes that are not expected to cause service interruption or downtime are performed continuously with no prior notice.

5.2. Scheduled maintenance — maintenance window

A maintenance window is a pre-defined slot of time where the service may be unavailable, and this window is used for hardware maintenance, upgrades, service, etc.

Feide’s maintenance window is the night before Tuesday.  

Uninett will, if at all possible, not use the maintenance window during critical periods for providers and host organizations.

5.3. Notice of scheduled maintenance

Uninett will give notice of scheduled maintenance at minimum 5 business days in advance. Notice will be given by e-mail to the provider’s contact persons, as registered in the Customer Portal and on www.feide.no.

 

6. Contact information

6.1. End user support

The provider is responsible for providing first-line support for users of its own service in connection with log-in problems and other problems related to the service. The provider must ensure that all first-line support personnel has received appropriate training in using Feide.

6.2. Uninett support

The provider’s administrators and developers may contact Uninett at support@feide.no / +47 73 55 79 00 for assistance in connection with the registration of services, as well as with APIs and integration with Feide. Opening hours are 08.00–16.00.

Errors and problems with Feide can be reported outside of regular opening hours, at tel. +47 91 12 70 87.

6.3. The provider's contacts

The provider must keep a list of contacts within its own organization up to date in the Customer Portal. The provider may register several contacts in the Customer Portal.

The contact information for the technical manager is especially important, as Uninett will contact this person for technical matters, security issues and errors associated with the provider’s integration with the shared solutions.

6.4. Notifications

The provider must, as soon as is practically possible, inform Uninett about events involving Feide, or the provider’s own services when the events may affect Feide. Uninett’s point of contact in these situations is listed on www.feide.no.

For the provider to receive notifications of critical and serious events, the provider must register desired recipients of these notifications under technical manager in the Customer Portal.

 

7. Processing of personal data

7.1. The provider's obligations in connection with the processing of personal data

Service providers providing services to host organizations (university colleges/universities, school owners) must comply with certain obligations, as defined by relevant privacy legislation.

When the service provider provides services to host organizations via Feide, these obligations apply when

  • host organizations are customers of the service provider
  • the services process information about students/pupils, teachers, researchers and other employees

The service provider must establish a separate agreement with the host organization regulating such obligations under relevant privacy laws, including the obligation of:

  • assessing whether the service’s information safety is satisfactory;
  • complying with the host organization’s instructions for processing data on its end users; and
  • making sure that the provider’s organization complies with the host organization’s instructions

Data processors must comply with written and documented instructions for managing personal data in the Service, as laid down by the data controller and defined in the data processing agreement.

For more information about the service provider’s obligations in connection with the processing of personal data, please go to https://www.feide.no/personvern-og-samtykke.

7.2. Confidentiality

Any and all information revealed to the parties in connection with this agreement and its execution shall be kept confidential and not be made available to third parties without consent from the other party.

Uninett’s duty of confidentiality under this paragraph is in line with what follows from the Act of 10 February 1967 Relating to Procedure in Cases Concerning the Public Administration (Public Administration Act) or other equivalent sector-specific legislation.

The duty of confidentiality under this paragraph does not preclude disclosure of information if such disclosure is required by law or regulation, including publication and access to information under the Act of 19 May 2006 Relating to the Right of Access to Documents Held by Public Authorities and Public Undertakings (Freedom of Information Act). If at all possible, the other party shall be notified before any such disclosure is made.

The duty of confidentiality does not impede making use of the information when no legitimate interest indicates that the information should be kept secret, e.g. when the information is publicly known or readily available from other sources.

The parties shall take any and all necessary precautions to prevent third parties from gaining access to or becoming privy to confidential information.

The duty of confidentiality extends to the parties’ employees and subcontractors, as well as any third parties acting on behalf of the parties in connection with performance of the contract. The parties may only make confidential information available to such subcontractors and third parties insofar as this is necessary for the performance of the contract, and only on the provision that these parties are made subject to the same duty of confidentiality.

The duty of confidentiality does not impede any exchange between the parties of experiences and competence acquired in connection with performance of the contract.

This duty of confidentiality shall endure even after the termination of the contract. Employees or others whose appointment with either party ends, shall have a duty to keep confidential any information specified above even after the end of their appointment. This duty of confidentiality shall cease five (5) years after termination of the contract, unless otherwise mandated by laws or regulations.

 

8. Compensation

The service provider must bear any and all costs associated with integration with Feide. The integration shall not cause Uninett to incur any connection costs.

Any financial obligations between the service provider and host organizations shall be regulated by the agreement between the provider and its customers, and Uninett shall not be a party to any of these agreements.

8.1. Fees for the use of ID-porten

Feide may be billed for other services’ use of ID-porten. An invoice will be issued if the total number of log-ins via ID-porten from services connected to Feide exceeds a certain limit. From ID-porten’s perspective, all services connected to Feide are considered a single service, and Uninett will be billed if these services in total causes Feide to become one of ID-porten’s largest users.

In the event Feide is billed for its services’ use of ID-porten, Uninett will, in turn, bill the service providers who are using ID-porten. This onward invoicing will be based on the service provider’s share of the total number of ID-porten log-ins through Feide.

 

9. Government orders, etc.

Uninett is at all times subject to any government orders and frameworks defined by Uninett’s owner. If government orders or revised frameworks concerning Uninett’s activities significantly affect performance of the contract, Uninett may demand any and all necessary amendments to the contract, e.g. by implementing price changes. Uninett will give written notice of any and all changes that will be effected.

The changes will take effect when the service provider receives the notice, or at a later date specified in the notice.

Within one month of receiving such a notice, the service provider may terminate the contract, effective immediately, without regard for article 14 on termination. This, however, only applies if the changes significantly affect the service provider.

 

10. Breach of contract

10.1. Material breach of contract

A breach of contract is defined as any objective deviation from what has been agreed. In the event of material breach of contract, Uninett may disconnect the service provider or the service in question from Feide. If so, Uninett must without undue delay inform the service provider of this in writing. The provider’s technical contact persons must be notified via e-mail without undue delay.

Material breach of contract includes, but is not limited to:

  • abuse of Feide;
  • abuse of information available in/via Feide or the Customer Portal;
  • facilitating for or executing a security breach; or
  • inadequate follow-up of any security breach
10.2. Obligation to remedy a breach
The provider must remedy any breach of contract within a reasonable time.
10.3.  Liability
In the event of material breach of contract on the part of the provider as a result of the provider’s gross negligence or intentional action, the provider is liable for any loss incurred by Uninett as a result of the breach. Uninett also reserves right of recourse against the provider in the event that claims are filed against Uninett as the result of any such breach.
10.4. Sanctions
In the event of a critical or serious event involving the provider’s service, Uninett may disconnect the service from Feide or refuse integration with Feide for any shorter or longer period of time, until the provider has documented to Uninett that the event has been remedied, or relevant measures have been implemented. Uninett may determine the length of this suspension at its sole discretion.

In such situations, the provider must, at its own cost, remedy any inconvenience caused to its own customers as a result of the disconnection.

10.5. Limitation of liability

Uninett cannot be held liable for any loss, damage or costs incurred as a result of the provider’s use of Feide. This limitation of liability, however, does not apply in the event of gross negligence or intentional action on the part of Uninett personnel.

 

11. Amendments to the terms of use

Uninett may, without further consultation, propose minor amendments/adjustments to these terms of use. Any changes must be accepted by Uninett’s service board for Feide before taking effect. Uninett will inform users of any changes to the terms of use on www.feide.no.

For any major amendments to these terms of use for providers, Uninett will circulate the proposed amendment via e-mail to registered contacts for consultation. The deadline for submissions shall be no less than 1 month.

 

12. Termination

The terms of use take effect once accepted by the provider, and shall remain in effect until terminated in writing by either party with six months’ notice.

In the event the provider terminates the terms of use, the provider must clarify to Uninett how the customer’s integration with Feide is preserved.