5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
5.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy available at http://www.flavor.school, as such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with the archiving procedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
5.3 The Supplier shall, in providing the Services, comply with its Privacy and Security Policy relating to the privacy and security of the Customer Data available at http://www.flavor.school or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
5.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that it complies with all applicable data protection legislation and will not cause the Supplier to be in breach of such laws;
(c) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer’s behalf:
(d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(e) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.