Privacy Policy

We, Global Rhapsody GmbH, appreciate your interest in our website and would like to make your use of our website as comfortable as possible. The protection of your privacy is very important to us. Below we would like to inform you about the handling of your personal data and your related rights.

  1. Data Controller and Data Protection Officer

For the processing of your personal data in connection with this website, we are “controller” within the meaning of Art. 4 No. 7 GDPR.

You can contact us as follows:

Global Rhapsody GmbH
Fritz-Vomfelde-Straße 12
40547 Düsseldorf
Telephone: 0049-211-53 82 049-2
Telefax: 0049-211-53 82 049-4

Our Managing Director is Christoph Hermes
Our Data Protection Officer can be contacted via email

This Privacy Policy only applies to the website (hereinafter referred to as “website”) and our blog As far as we provide links to other websites (“third-party offers”) our Privacy Policy is not applicable for these third-party offers. Also, we are not a controller in the sense of GDPR for such third-party offers.

  1. Type and extent of data processing
    1. Processing of access data

You can browse our website and blog without having to provide any personal data. We only store the following types of access data in so-called server log files:

  • Date and time of website request
  • IP address

We only use these data to ensure our website and blog operate smoothly.

The IP address can be regarded as personal data, since, under certain conditions and with additional information provided by the respective Internet service provider, it allows to obtain the identity of the subscriber of the Internet connection.

In addition to the purpose mentioned above, we evaluate the IP address in the event of attacks on our Internet infrastructure.
In these cases, we have a legitimate interest in the sense of Art. 6 (1) (f) GDPR which stems from the need to ward off the attack, to identify the source of attack, to prosecute the responsible person under civil and criminal law, to effectively prevent further attacks, and to operate our website and blog smoothly.


We will delete your IP address as soon as we can rule out that our Internet infrastructure has been attacked by it. This is regularly the case after 3 months.

  1. Data processing in case of your inquiries

We offer you the opportunity to contact us by mail. In this case, we process the personal data you voluntarily provide to us when contacting us which includes at least your email address.


We will only process these data for the correspondence with you and for the purpose for which you have given us the data in the course of this communication, such as to contact you at your request. In this case, processing takes place on the basis of your consent in the sense of Art. 6 (1) (a) GDPR. Insofar as processing is necessary for the performance of a contract to which you are party or in order to take, at your request, steps prior to entering into a contract, processing is based on Art. 6 (1) (b) GDPR.


After completing your request, your data will be in compliance with statutory retention periods erased, unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.

  1. Data processing by using our Quiz
    We have developed a special quiz which you can answer on our website.

In doing so, we collect data about

  • Your sex
  • Your age group
  • How often you exercise
  • A description of a typical day for you (e.g. ‘stay at home’ or ‘work manually’)
  • A true statement about you (e.g. ‘don’t get enough sleep’ or ‘cannot give up sweets’)
  • How easily you lose weight
  • How many times a day you eat
  • Your healthy lifestyle goal (e.g. ‘maintaining weight’ or ‘gain weight and muscles’)

After taking the quiz you will be asked to submit your email address.

We process the data in order to send you a personalized meal plan, thus for performing a contract with you, Art. 6 (1) (b) GDPR.

Your data will be stored in accordance with statutory retention periods and erased afterwards, unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.

  1. Use of Google Tag Manager

We make use of Google Tag Manager. This is a tool which helps us to manage website tags such like Google Analytics.

While using Google Tag Manger, no personal data are being processed.

  1. Use of Google Analytics

Additionally, we make use of Google Analytics. Google Analytics is a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 904043, USA.

Google makes use of cookies which generate information about the use of our website and are usually transmitted to a Google server in the USA where they are stored.

Google will use this information on our behalf to evaluate the use of our website and to compile reports on website activities.

By using Google Analytics Audiences, we ensure that our ads meet the potential interest of users.


This is due to our legitimate interest of steadily improving our website and to make it as user-friendly as possible, Art. 6 (1) (f) GDPR.

Your personal data are anonymize which will secure that Google analytics isn`t able to track your IP address. Your IP address will not be merged with other data provided by Google. You can prevent the storage of cookies in your browser settings. You can also prevent the storage of cookies by installing a browser plug-in which can be downloaded here:

Further information e.g. storing or erasing your private data can be found in Google’s Privacy Policy which can be found here:

  1. Use of New Relic
    We us New Relic, a service provided by New Relic, Inc., 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA.

New Relic is is certified under the Privacy Shield Agreement, which is why it guarantees to comply with European data protection law:

New Relic processes aggregated performance data, which give information about the stability and any abnormalities of our website. In the event of errors, individual request of users may be processed pseudonymously to identify and correct the source of an error.

We use New Relict on the basis of our legitimate interest of steadily improving our website and to ensure it operates smoothly, Art. 6 (1) (f) GDPR.

Further information e.g. storing or erasing your private data can be found here:

  1. Use of Facebook Connect

Additionally, we use a social plugin of Facebook – a service provided by facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.

Facebook is certified under the Privacy Shield Agreement, which is why it guarantees to comply with European data protection law

We use facebook on the basis of our legitimate interest to steadily improve our website, Art. 6 (1) (f) GDPR.

For further information see

  1. Use of Hotjar

We use a web analysis service called Hotjar on the basis of our legitimate interest of steadily improving our website and making it more attractive for visitors, Art. 6 (1) (f) GDPR.

Hotjar is a European enterprise, headquartered in Malta.

You can opt-out to Hotjar’s services by clicking

  1. Transfer of data to third countries

Basically, we will process your data exclusively within the EU/EEA-area.

Where data are processed to a third country, e.g. for performing a contract with you, we make sure that there exists an adequacy decision by the Commission or appropriate or suitable safeguards in the sense of Art. 46, 47 GDPR or derogations in the sense of Art. 49 GDPR or inform you otherwise in this Policy.


  1. Your rights

In connection with the processing of your personal data, you have the following rights. These can be basically exercised free of charge. However, where your requests for the rights set out in numbers 2 to 6 are manifestly unfounded or excessive, in particular because of their                 repetitive character, we may either

  • charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or
  • refuse to act on the request.


  1. Withdrawal of consent

You have the right to withdraw any consent you have given us for processing your data.          However, this will only effect future processing. The lawfulness of processing carried out on the basis on your original consent will not be affected.


  1. Confirmation and access

You have the right to request confirmation as to whether your person data is being processed. If this is the case, you are entitled to have access to the personal data in the sense of Art. 15 GDPR.


  1. Rectification and erasure

You have the right to demand rectification of incorrect personal data and the completion of incomplete data (Art. 16 GDPR) as well as, under the conditions of Art. 17 GDPR, erasure of your data.


  1. Restriction of processing

You have the right to restrict the processing of your personal data under the conditions of Art. 18 GDPR.

  1. Right to object

On grounds relating to your particular situation and where processing is based on Art. 6 (1) (e) or (f) GDPR, you may object to the processing of your personal data at any time. We then will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the              establishment, exercise or defense of legal claims.


  1. Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without our hindrance. However, this right exists only insofar as the processing is based on your consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b); and the processing is carried out by automated means.

This right is precluded as far as rights and freedoms of other persons (in particular personal data of third parties, business or company secrets existing on our parts, copyrights) are             concerned.

  1. Obligation to provide data

There is no obligation for you to provide your personal information. However, if you do not provide the data required by this privacy statement, you may not be able to use certain services or features in question in whole or in part.

  1. Right to lodge a complaint

Insofar as you believe that we do not properly comply with the obligations stipulated in data protection law, you have the right to lodge a complaint with a supervisory authority.

The competent supervisory authority would be:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20044
40102 Düsseldorf
Telephone: 0049 211/384240
Telefax: 0049 211/3842410

  1. Updating our Privacy Policy

New legal or regulatory requirements or new features on our website may require an update of this Privacy Notice. In these cases we will provide further information here.
It is therefore recommended to periodically review this Policy for any changes.

The latest version of this Policy can be found as conclusion.

  1. Printing and storing the Privacy Policy

You can print and save this Privacy Policy directly via the print or save function of your browser.

May 2018