ENTERPRISE BUSINESS GROUP

Request Form Release Version: 2

REQUEST FORM
Waiver Request form – 2020 Branch-in-a-Box Device Terms Of Use
Application Instructions: Answer all questions, sign the request form and submit to the designated PLDT Representative. Please use a black pen in
filling up the form (use the caps lock key when answering electronically, except for case-sensitive entries) to ensure clear fax transmittal of information.
Please complete all blank spaces and write “N/A” if the question does not apply to you. We regret that requests not duly completed or accompanied by
documents may be delayed or rejected. All information shall be kept confidential.

CUSTOMER KEY INFORMATION

COMPANY NAME: PHILIPPINE MERCHANT MARINE ACADEMY
COMPLETE PMMA COMPLEX, NATIVIDAD, SAN NARCISO, ZAMBALES 2205
No. Street Village/Barangay/Municipality Zip Code
INSTALLATION ADDRESS:
Authorized Signatory: KIM RAVEN R. LIMBO Official Designation: IT HEAD Email Address: krr.limbo@pmma.edu.ph
Technical Contact: Mobile Phone No.: 09295152495 Company ID No.: 1580

Kindly indicate details of the authorized person to be granted Network Administration Privileges:
Full Name E-mail Address
CIR FLORANTE B. FLORESCA cfb.floresca@pmma.edu.ph

Account Number Telephone Number Device Serial Number

CUSTOMER CONFORME
INSTRUCTIONS: Upon request of Full Administrator Access, kindly submit the original copy of the attached TERMS OF
USE (“Terms”) signed by the company’s duly authorized representative, which contain your rights and obligations when
granted Full Network Administrator Rights to the PLDT Managed Cisco Meraki

I certify that the information supplied above is true and correct. By signing below, I signify that I have read the
attached Terms and Conditions and agree to abide by them as soon as I have accepted the grant of Full Network
Administrator Rights on the PLDT Managed Cisco Meraki .

KIM RAVEN R. LIMBO IT HEAD February 20, 2023

_______________________________________________________ _______________________________________________________ _______________________________________________________

Authorized Signatory Designation Date Signed

(Printed Name over Signature)
 PLDT Branch-in-a-Box Device Terms of Use
This Terms of Use (“Terms”) refers to these conditions relative to the Customer’s use and access to the Managed Cisco Meraki Device (“Service”) as defined herein,
to be used solely and specifically with the Service. PLDT reserves the right to modify this Policy at any time without prior notice.
Section 1. Definitions
The Customer’s subscription to the PLDT Managed Cisco Meraki Device shall include
the provision of a Cisco Meraki Device (“Device”) and the setup and management of
the Device and its license limited to the following:
• Creation of the customer’s network in the Meraki dashboard
• Claim and activation of the Device license
• Monitoring and renewal of license
• Troubleshooting, repair, and replacement
The Device is a hardware equipment that provides wireless, switching, security,
enterprise mobility management, and security camera functions and managed through
the Cisco Meraki Cloud Networking Platform “Platform”.
Additional features, service requirements and hardware components not included in this
agreement which will require operating system, hardware and or license upgrade/s that
may be necessary to connect to the Device shall not be the responsibility of PLDT,
unless covered by a separate corresponding contract.
Section 2. Appropriate Use
Customer administration of the Service shall be limited to Network Administrator
Privileges as defined in SCHEDULE 1.
The Customer shall continue to use the Device with PLDT-approved circuits. PLDT
reserves the right to automatically disconnect non-PLDT circuits, including those from
other carriers, and shall not be in any way be liable for any damage that may be
suffered by the Customer from the disconnection of said circuits.
Customer shall be responsible in securing its own Local Area Network (“LAN”), and all
other devices connected or shall connect to the Service through its LAN.
Customer shall not hold PLDT, its officers, directors, and employees liable for any
security breach, damages, or losses caused by such unsecured connections. PLDT
shall only be responsible for securing the Device.
Section 3. Pre-termination of Contract
The period of subscription for the Device shall be coterminous with the Service. In the
event of pre-termination, the remaining monthly recurring charges (“MRC”) of the
Device shall be fully paid in addition to the pre-termination charges in the Contract for
the Service.
Section 4. Equipment Warranty
Should the Customer experience any Device defects or issues within the contract
period, Customer shall contact PLDT for diagnosis, troubleshooting, and replacement if
applicable. If device is approved for replacement, PLDT shall recover the defective
device upon replacement.
Should the particular Device model subscribed to be discontinued by the equipment
manufacturer upon Customer subscription to the Service, PLDT shall exert best efforts
to recommend a substitute Device to service the Customer’s requirements, at
Customer’s cost.
Section 5. Waiver and Assumption of Liability
This Waiver and Assumption of Liability (“Waiver”) refers to PLDT and Customer’s
agreement for the Customer to assume “Full Network Administrator Privileges” as
defined in herein:
By receiving Full Network Administrator Privileges to the PLDT-provided Managed
Device, Customer understands and agrees that Full Network Administrator Privileges is
defined as the Customer having complete control over the configuration and
maintenance of “Network Administrator Privileges” as defined in SCHEDULE 1.
Notwithstanding the preceding article, and by virtue of the services that PLDT provides
to the Customer, PLDT may maintain limited visibility oversight for PLDT’s monitoring
purposes only. With visibility oversight, PLDT, can still but, will not configure, modify,
vary and adjust the Device, unless instructed by the Customer.
By receiving Full Network Administrator Privileges to the Device, the Customer
understands that:
Upon execution of this Waiver and Assumption of Liability, Customer agrees that any
and all request for the repair or replacement of the Device, which may or may not have
been caused by direct or indirect loss or damage by the Customer, shall undergo
standard troubleshooting process as defined in Section 4 (“Equipment Warranty”).
After being given Full Network Administrator Privileges, the Customer shall be solely
responsible for providing security to its network from any manner of threats and attacks,
whether internal or external, that may be caused by the configuration, modification,
variation, or adjustment of the Device.
The Customer shall also be solely responsible for managing their passwords, manually
inputted or Meraki-generated, including but not limited to Wi-Fi, Meraki Dashboard, and
Client VPN. PLDT strongly recommends Customer to use a strong password based on
this minimum complexity requirement: a minimum length of 8-character and a
combination of three of the four categories including alphanumeric characters, one
character in upper case, one character in lower case, or at least one special character.
Customer acknowledges and understands that, by not following this recommended
format, its network security maybe at risks and Customer fully accepts any liabilities
arising from such security risks.
In the event the Customer reconfigures the Device and the Customer suffers a circuit
outage arising from wrong configuration parameters, PLDT shall not be liable to grant
any rebates or refunds to the Customer for the time that the Customer was unable to
access the internet.
Without prejudice to claim for damages that may be caused by the said reconfiguration
to PLDT’s network and internal system, PLDT reserves the right to disconnect the
Service at any time should the Customer’s reconfigured Device be found to cause
harmful interference or security risk to PLDT’s network. The Customer agrees to hold
PLDT free and harmless from any liability arising from such disconnection.
The Customer acknowledges and understands that any of its technical configuration,
modification, variation, and adjustment in the Device shall be subject to the said
Device’s technical capacity. Should its technical capacity be unable to support the
Customer’s intended configuration, modification, variation, and adjustment, PLDT may,
upon the Customer’s request, recommended a Device that may be more appropriate to
service the Customer’s requirements, at Customer’s cost.
The Customer agrees that PLDT shall retain absolute ownership over the Device. The
Customer further agrees to allow PLDT to retrieve the Device after the service is
disconnected
All other provisions in the Contract for the Service not contrary to these provisions of
the Policy shall apply in a suppletory manner herein.
Section 6. Data Collection
To ensure the performance and security of the Device and its features, the Platform
shall collect the following network traffic data:
Network traffic information: MAC addresses, device names, device types, operating
systems, geolocation information, and information transmitted by devices such as
hostnames, protocols, port numbers, and IP addresses;
Other: Such other information regarding network traffic as reasonably requested by
Cisco that may constitute Personal Data as defined under the Data Privacy Act of 2012,
its implementing rules and regulations, and other relevant issuances/circulars.
All data collected by the Platform shall be collected and stored in accordance with the
current highest industry standards and in accordance with applicable Data Protection
Laws. Customer represents, warrants, and undertakes that:
• It has obtained the specific consent of the data subject to the collection and
processing, except where such consent is not required under law; and
• It has provided the data subjects with the following information prior to
collection:
o The identity of the personal information controllers or
processors that will be given access to personal data;
o The purpose of the processing;
o The categories of personal data concerned;
o Intended recipients or categories of recipients of the personal
data;
o The existence of their rights as data subjects, including the
right to access and correction, and the right to object; and
o Such other information that would sufficiently notify the data
subject of the nature and extent of the manner of processing
 SCHEDULE 1
PLDT Managed Cisco Meraki Device Network Administrator Privileges
A. Branch-In-A-Box Service - WiFi

Network-wide settings Wireless device settings

• Configure general access point settings and Meraki authentication • Configure SSIDs
• Set alerts • Define access control
• Enforce group policies • Configure firewall & traffic shaping
• Define of who has access to the network • Enable splash page
• View network administrator and network administrator privileges • Configure Bluetooth and radio settings
• Monitor clients, packet capture, event logs, summary report, and map and floor • Generate prepaid cards
plans • Monitor access point devices, map & floor plans, Air Marshal, location analytics,
location heatmap, splash logins, login attempts, PCI report, Account activity,
Bluetooth clients, RF spectrum and wireless health

B. Branch-In-A-Box Service - VPN and Security

Network-wide settings Security and SD-WAN device settings
• Configure general access point settings and Meraki authentication • Configure Addressing & VLANs, Wireless settings, DHCP settings, firewall, site-
• Set alerts to-site VPN, client VPN, Active directory, SD-WAN & traffic shaping, threat
• Enforce group policies protection, content filtering, access control, and wireless concentrator
• Define of who has access to the network • Monitor appliances, Security center, VPN status, Rogue APs, route table
• View network administrator and network administrator privileges
• Monitor clients, packet capture, event logs, summary report, and map and floor
plans

C. Telecommute Service

Network-wide settings
• Configure general access point settings and Meraki authentication
• Set alerts
• Enforce group policies
• Define of who has access to the network
• View network administrator and network administrator privileges
Monitor clients, packet capture, event logs, summary report, and map and floor plans
Security and SD-WAN (Head Office) device settings Teleworker gateway (Remote Office) settings
• Configure Addressing & VLANs, Wireless settings, DHCP settings, firewall, site- • Configure Addressing & VLANs, Wireless settings, DHCP settings, firewall, site-
to-site VPN, client VPN, Active directory, SD-WAN & traffic shaping, threat to-site VPN, client VPN, traffic shaping, and access control
protection, content filtering, access control, and wireless concentrator • Enable splash page
• Monitor appliances, Security center, VPN status, Rogue APs, route table • Monitor appliances, VPN status, Rogue APs, route table

Limitation of Liability
a) On behalf of Company Name, I understand and agree that PLDT, its officers, employees, agents, partners, and suppliers may not be held liable or responsible in any way for any service
quality, service availability, security, lost profits, revenues, business opportunities, business advantages whatsoever, nor for any direct, indirect, special, consequential, indirect or
incidental losses, damages, or expenses directly or indirectly arising from any consequence that may result from being granted Full Network Administrator Rights on the PLDT-provided
Device.
b) By this instrument, I, Name of Authorized Signatory in behalf of Company Name hereby exempt and release PLDT, its officers, employees, agents, partners, and suppliers as defined
above from all liability of responsibility whatsoever for any and all injury or damage that may be suffered by Company Name.
c) I have had sufficient time to review and seek explanation of the provisions contained above, have carefully read them, understand them fully, and agree to be bound by them. After
careful deliberation, I, on behalf of Company Name, voluntarily give my consent and agree to this Acceptance of Liability Waiver.

_______________________________________________________ _______________________________________________________ _______________________________________________________

Authorized Signatory Designation Date Signed
(Printed Name over Signature)

ANNEX
Data Privacy
Whenever applicable, in performing its obligations under this Document, PLDT Inc. as a third party data processor shall, at all times, comply with the provisions of Republic Act No. 10173 or
“the Data Privacy Act of 2012,” its implementing rules and regulations, and all other laws and government issuances which are now or will be promulgated relating to data privacy and the
protection of personal information. PLDT Inc., its officers, employees, and representatives undertake to:
a) Process personal data under the instructions stated in this Document as agreed upon by (client's name) and PLDT Inc. including transfers of personal data to another country or an
international organization, unless such transfer is authorized by law;
b) Implement required measures and systems that will enable data subjects or subscribers to reasonably exercise their rights under the Data Privacy Act of 2012;
c) Maintain proper records, and provide (client's name) the necessary access to such records, to the extent which will allow (client's name) to comply with the reasonable exercise by data
subjects or subscribers of their right to access under the Data Privacy Act of 2012;
d) Determine the appropriate level of security measures considering that of (client's name), taking into account the nature of the personal information to be protected, the risks represented
by the processing, the size of the organization and complexity of its operations, current data privacy best practices, and cost of security implementation;
e) Implement required security measures for data protection, including policies for evaluation, monitoring, and review of operations and security risks. Such measures shall aim to maintain
the availability, integrity, and confidentiality of personal data, and prevent negligent, unlawful, or fraudulent processing, access, and other interference, use, disclosure, alteration, loss,
and destruction of personal data;
f) Implement reasonable and appropriate organizational, physical, and technical measures intended for the protection of personal information against any accidental or unlawful destruction,
alteration, and disclosure, as well as against any other unlawful processing, or for such other purposes as may be required under the Data Privacy Act of 2012 or any other applicable
law or regulation;
g) Implement reasonable and appropriate measures to protect personal information against natural dangers such as accidental loss or destruction, and human dangers such as unlawful
access, fraudulent misuse, unlawful destruction, alteration, and contamination;
h) Ensure to the extent that it is necessary and reasonable, that its employees, agents, and representatives who are involved in the processing of personal information operate and hold
personal information under strict confidentiality;
i) Not engage another processor without prior instruction from (client's name): Provided, that any such arrangement shall ensure that the same obligations for data protection under this
Document are implemented, taking into account the nature of the processing;
j) Notify (client's name) as soon as it is reasonable to do so under the circumstances, to enable it to notify the National Privacy Commission and the affected data subject or subscriber
within the period prescribed under the Data Privacy Act of 2012, when sensitive personal information that may, under the circumstances, be used to enable identity fraud are reasonably
 believed to have been acquired by an unauthorized person, and the PLDT INC., (client's name), or the National Privacy Commission believes that such unauthorized acquisition is likely
to give rise to a real risk of serious harm to any affected data subject or subscriber;
k) Promptly notify (client's name) if, in its opinion, any instructions of (client's name) violates, or may be construed to violate, any provision of the Data Privacy Act of 2012 or any other
issuance of the National Privacy Commission;
l) Reasonably assist (client's name) in ensuring compliance with the Data Privacy Act of 2012, its implementing rules and regulations, other relevant laws, and other issuances of the
National Privacy Commission, taking into account the nature of processing and the information available to PLDT INC.
m) At the choice of (client's name), delete or return all personal data to the former after the end of the provision of services relating to the processing: Provided, that this includes deleting
existing copies unless storage is authorized by the Data Privacy Act of 2012 or another law;
n) Make available to (client's name) the information necessary to reasonably demonstrate, under the circumstances, compliance with the obligations laid down in the Data Privacy Act of
2012, and allow for and contribute to audits, including inspections, conducted by (client's name) or another auditor as agreed upon by the parties, to the extent necessary for compliance
with the Data Privacy Act of 2012; and
o) Include the foregoing in the privacy and security policy of PLDT INC. (http://www.pldt.com/privacy-policy).

I/We accept the Data Privacy Policy as stated above.

_______________________________________________________ _______________________________________________________ _______________________________________________________

Authorized Signatory Designation Date Signed
(Printed Name over Signature)