top of page

Data Privacy Policy


We at Eat the Rainbow respect your privacy. As a user of the website, our applications, or other services (hereinafter collectively the “Eat the Rainbow Services”), your privacy is protected, and we feel a strong commitment to protect your privacy. The purpose of this Data Privacy Policy is to explain to you which personal data and non-personal data is collected by us and how we use such data.

This Data Privacy Policy applies to all Eat the Rainbow Services. Therefore, please read this Data Privacy Policy carefully.

If you do not accept this Data Privacy Policy and the consents associated therewith, please do not use the Eat the Rainbow Services.

Last revised: June 2021

This is the current version of Eat the Rainbow’s data privacy policy and applies for all users.

General provisions


To be able to use our services, you must register. Already during the registration process you will provide us with certain personal data. How we use such data and what rights you have in connection therewith is explained in this Data Privacy Policy.

You will also transfer certain information to us when you access our website or the Eat the Rainbow App, e.g., your IP address. We will also receive data about which terminal device (computer, smartphone, tablet, etc.) you are using, which browser (Internet Explorer, Safari, Firefox, etc.) you are using, the time at which you access the website, the so-called referrer, and the data volume transferred.

Such data cannot be used by us to identify the user. They are used for statistical purposes only. Such analyses help us make our services more attractive and, if necessary, to improve our services.

What is personal data?


The term “personal data” is defined by the European General Data Protection Regulation (GDPR). You can think of your personal data as any data that allows you to be identified or that can be correlated to you. Such data includes, for example, your name and contact information. We need some of this information so that we can offer you our Eat the Rainbow Services.

On the other hand, “non-personal” data cannot be correlated to any specific user. By removing identifiable parts from, and anonymizing personal data, personal data can be converted into “non-personal data.”

How is personal data collected and processed?


Personal data is collected by us if you provide such data to us on your own initiative. This happens, for example, when you contact us, or sign up for our newsletter. We will use personal data you have provided to us only if and to the extent necessary for providing our services and handling of the contract or if you have consented that we may use your data for the purposes described in this Data Privacy Policy.

Your personal data will be stored for as long as this is necessary for achieving the defined purposes. If you cancel your user account, we will also erase or block your personal data. An exception applies only if we have a legal obligation to archive data for a certain time period.


What are log files?


A log file automatically logs all or defined actions on a computer system. Such log files are important, for example, for process control and automation. In the case of databases a log file tracks changes to the database of correctly executed transactions. In the event of an error (e.g., a system crash), this allows the current dataset to be restored. Log files are also created by web servers. Inter alia, the following data are logged: the address of the accessing computer, authentication fields, date and time of access, access method, content of HTML access, status code of the web server, and information about the browser and operating system used by the client.

Every time you access our website the aforementioned data will be automatically stored in log files.

What are cookies and tracking pixels?


We collect information about visitors to our website and about users of our Eat the Rainbow App in order to improve our services. For this purpose we use different kinds of so-called cookies and tracking pixels (a.k.a. web beacons).

A cookie allows a web server to place a text file (e.g., a clear ID) on your computer or smart phone/tablet. Cookies are used, for example, to automatically recognize you the next time you visit our websites or use the Eat the Rainbow App. The cookie is sent either by the web server to your browser or is generated by client-side scripting (e.g., JavaScript). Cookie data will be stored locally on your terminal device and in most cases will be effective only for a limited time period.

Websites that include flash media write user-specific data to your computer and later read such data. Such files are called flash cookies or local shared objects (LSO). Such files are not managed by your browser, but rather by the flash player plug-in. Flash cookies are subject to the same rules as conventional cookies. Flash cookies, too, can only be read by the website that caused those flash cookies to be placed. However, flash cookies can store a substantially greater volume of data.

Your browser offers extensive setting options to manage cookies. For example, you can deactivate cookies in your browser or limit cookies to certain websites. You can also program your browser to first notify you before a cookie is placed. You can also choose these settings on your mobile terminal devices. You can at any time manage cookies by changing the settings of your devices, delete cookies, or block cookies altogether.

You can also visit our website even if you block cookies on your terminal device. If you block cookies, the display of our website may however be impaired and not all functions may be available to you. You can also use the Eat the Rainbow App without cookies. In that case, you may however no longer be able to use all functions of the App as conveniently.

Tracking pixels are small graphics in HTML emails or on websites. When you access such a website, your access to the tracking pixel will be recorded in a log file. This allows statistical analyses which, in turn, can be used to improve our services. You can set your email program or your browser so that HTML emails will be displayed as text only, thereby preventing the use of some tracking pixels.

Which types of data do we collect, process, and use?


We collect three types of data:


data you provide to us voluntarily,


data we receive when you use our services, and


data we receive from third parties.


In other words, we process and use data (including personal data) you make available to us voluntarily on the website or through the Eat the Rainbow App in various situations (e.g., when you send us an email). We also use data that is collected automatically on our website or through the Eat the Rainbow App. Finally, we may also receive data about you from third parties, for example when another user provides us with information about you.

It is therefore impossible to provide you with an exhaustive list of all possible types of data that we may possibly collect, process and use. Typically, we collect, process and use the following data:


your email address

your username and password;

your user profile data;

your user preferences (e.g., preferred language settings);

your IP address, operating system, browser type, browser version, browser configuration, name of Internet provider, and any other relevant information regarding your computer and Internet connection in order to identify the type of your device, to connect you to the website, to exchange data with your (mobile) terminal device, or to ensure proper use of the website and Eat the Rainbow App;

the URL and IP address of the website from which you access our website or from which you are transferred to our website, including date and time;

any pages of our website on which you click during your visit, and any links on our website on which you click, including date and time;

the entire Uniform Resource Locator (URL) clickstream regarding, through, and from the website, including date and time;

your service inquiries and your orders;

your transaction history, including open and completed transactions;

information regarding your orders and payments;

information collected by cookies or similar technologies (as explained below);

your survey answers, critiques, evaluations, or other responses;

the content of all messages sent through the website or Eat the Rainbow App, including information uploaded to social networks through the website or the Eat the Rainbow App or otherwise shared with us and/or other users;

information about workouts you download using the Eat the Rainbow App;

your newsletter subscriptions;

any consents you have given us;

any other information input or uploaded by you through the website or the Eat the Rainbow App (e.g., information you provide when completing an online form, photos you upload).

Where is data stored?


We use cloud services. This means we will transfer your data to a third party – the cloud services provider – and store data on the servers of that provider. In some cases, your data may also be stored on servers outside the European Union (EU) or European Economic Area (EEA). In some cases, your data may also be processed there. We either ensure through appropriate contracts that such service providers guarantee the same level of data privacy to which you are also entitled in the European Union or we use only providers that are EU-US Privacy Shield certified ( Either alternative ensures an appropriate level data privacy.

For what purposes is data used?


We will collect, process, and use your personal data and other data in particular for the following purposes:


to administrate, operate, maintain, and improve the website and the Eat the Rainbow App;


to allow and process orders for services placed by you through the website or the Eat the Rainbow App;


to customize your experience of our website or the Eat the Rainbow App (e.g., by tailoring content and offers to your personal preferences);


to assess your right to receive certain types of offers or services;

to support the improvement and customization of the Eat the Rainbow Services;


to analyze and research customer behavior;


to respond to your questions and inquiries;


to provide you with information about services that may be of interest to you;

to communicate with you about certain concerns;


to manage awards, surveys, winning games, lotteries, or other promotional activities or events;


to comply with our legal obligations to prevent any unlawful use of the website or Eat the Rainbow App, to settle disputes, and to enforce our contracts;


for any other purposes to which you have consented in a particular case, or otherwise as permitted by applicable law.


If required by law, we will ask for your consent before collecting, processing, or using your personal data for any of the aforementioned purposes. 


We will also notify you if we want to use your personal data for a new or different purpose. We will use your personal data for such other purposes only if and to the extent necessary or permitted by applicable law or with your consent.

Registration of Eat the Rainbow user account


You may create a user account for Eat the Rainbow through our login system. Following registration, you will be able to use your user account to subscribe to all Eat the Rainbow Services. To register, you must provide us with at least the following information:


email address


Before completing the registration process, you must confirm that you have read our Data Privacy Policy and accept our General Terms and Conditions. The Eat the Rainbow App also enables you to provide us with additional information, such as your nutrition preferences. After registering, you can add more information to your profile.



Collection, processing, and use of data in connection with the Eat the Rainbow App

Eat the Rainbow offers support in the areas of nutrition, aiming to make eating more fun. After registering with Eat the Rainbow, you will be able to add food items consumed to your journal and see a rainbow corresponding with the colors of the foods you ate.

During the registration process you will provide us only with non-personal data, such as your name. After registering, you can add additional information to your user profile. If you do so, you will provide us with personal data. If you create a journal entry, we will receive information about which foods you have entered on the app. We will also receive information about how you use the Eat the Rainbow App.

We use all such data to improve our products or to support your workouts. For example, we will send you reminders to motivate you to eat more color with our App. We also use such data for marketing purposes.

For you to be able to use the Eat the Rainbow App to its full extent, we will also need certain access rights to your smartphone. For example, we need access to your camera or your photos if you upload or want to change a profile photo. We use push notifications to send you nutrition reminders or to notify you of new content. When you want to use such a function for the first time, we will ask you whether you grant us such access rights or we will ask you to grant us access by selecting the appropriate settings. Generally, you may revoke such access rights at any time by changing the related settings.

How to contact us


You can contact us by sending us messages to our email address.


If you transmit personal data to us by email, we will use such data only for the purpose for which you entrust us with such data when you contact us.


The same applies when you communicate with us by using a contact form.




You can register for our newsletter. That way, you will receive regular updates about the Eat the Rainbow Services. All you need to receive our newsletter is a valid email address. If you are no longer interested in receiving the newsletter, you may unsubscribe at any time using the link that is included in each newsletter.

Cookies and tracking pixels


We use our own cookies and tracking pixels. As explained above, this will, however, allow no inferences as to your identity.

Data processing – third-party services and partners


To be able to offer you all functions and services of the app in the most convenient way possible and to be able to continuously improve our product, we may use third-party services and partners. We also use the assistance of third parties to improve our website. Finally, we use certain tools for our marketing. What tools we use and for what purposes is explained below:


14.1 Google

We use a number of different Google services (Google Inc., 1600 Amphitheater Pkwy., Mountain View, CA 94043, U.S.A. – hereinafter “Google”) for analysis and marketing purposes. These tools collect and statistically analyze data about your use of our services in different ways. We may also use your data to show you personalized ads with the help of Google services. By using our website or our Eat the Rainbow Services, you consent to us using your data for these purposes. In what follows, we will explain the different services and the ways in which you can to conveniently revoke your consent and we provide you with additional important information. Additional information about how Google handles data transmitted by us is available here:

You can find additional information about how Google uses cookies in the data privacy policy of Google (

Information generated by Google tools is generally transferred to a server of Google in the United States and stored there. Google and its subsidiaries are EU-US Privacy-Shield certified.

14.1.1 Our app and our website use Google Analytics, a web analysis program of Google. Google Analytics uses cookies that are stored on your terminal device and allow an analysis of your use. We activate IP address anonymization so that IP addresses will first be truncated by Google within the European Union. On our behalf, Google uses such information to analyze your use of our services as well as the use of our services by other users and provides us with reports and other services. The IP address transmitted from your terminal device to Google Analytics will not be merged with any other data of Google. Google will transfer your data to third parties only if permitted by applicable law or in accordance with outsourced data processing agreements.

You can prevent the collection and processing of information generated by the Google cookie by placing an opt-out cookie or deactivating Google Analytics in the menu of your terminal device. As an alternative, you can also install a browser plug-in, which you can find here:

14.1.2 DoubleClick by Google uses cookies to show you ads that are relevant to you. In the process, a pseudonymous identification number (ID) is assigned to you to monitor which ads have been shown in your browser and which ads have been clicked. Such cookies contain no personal information. DoubleClick cookies allow Google and its partner websites to show ads on the basis of previous visits to our website or other websites on the Internet. Information generated by such cookies is transferred by Google to a server in the United States for analysis, where it is stored. Google never merges your data with any other data of Google. Data is transferred to third parties by Google only if permitted by applicable law or in accordance with outsourced data processing agreements.

If you wish to receive no personalized ads, you can place an opt-out cookie:

You can also install the DoubleClick deactivation browser add-on. You will find this browser plug-in here:

14.1.3 Google AdWords: We use Google AdWords to advertise our offers. Following a search on Google, our ads will be shown in the areas designated for this purpose. With the help of cookies our website registers how many users have found our services through our ads. We use such data to optimize our ads. A cookie is stored by Google when an ad is clicked. You can block the cookie by selecting the related settings in your browser. In that case, your visit to our website will not be included in anonymous user statistics.

If you wish to receive no personalized ads, you can place an opt-out cookie:

You can block cookies, for example, by installing an appropriate browser plug-in, which is available here:

14.1.4 In addition, we use Google Dynamic Remarketing functions on our website. This technology allows us to show automatically generated, target group-based ads following your visit to our website. The ads shown are based on products and services on which you have clicked or which you viewed during your last visit to our website. Google uses cookies to generate interest-based ads. If you wish to receive no user-based ads from Google, you can deactivate ads by selecting the related settings on Google.

If you wish to receive no personalized ads, you can place an opt out cookie:

You can block personalized ads by installing the appropriate browser plug-in, which is available here:

You can also block personalized ads from Google and other advertising networks by opting out on the following page:

14.1.5 Firebase is a Google subsidiary with its registered office in San Francisco, CA, U.S.A. We use Firebase SDK and Google Analytics for Firebase for our Eat the Rainbow App. This tool allows us to use the same Google Analytics functions for an app that can also be used for websites. Firebase uses technologies that work similar to cookies, in particular advertising IDs. This way, we collect information about how you use the Eat the Rainbow App. We use such data for statistical analysis purposes, to test our offers (e.g., A/B testing), and to improve our offers. In addition, we use such information for personalized advertising. By using our services you consent to our collection of such data. In addition, we use Firebase Remote Config to make changes to our Eat the Rainbow App.

If you do not wish that such data is collected, you may opt out at any time. You can conveniently do so, for example, by selecting the appropriate settings in your mobile terminal device. How you can prevent such data from being collected on your android device is explained, for example, here:

On your iOS device you will find the appropriate setting under Settings > Data Privacy > Advertising.

14.1.6 In addition, we use Crashlytics to analyze the application stability of our Eat the Rainbow App. Crashlytics is a subsidiary of Google. Crashlytics delivers analyses of errors and system crashes in real time, thereby facilitating maintenance of the application. In the process, none of your personal data will be transmitted, but only crash reports with information about register codes and your device, e.g., type of device and version of operating system.

The diagnostic data collected is processed in the United States. Like Google and other subsidiaries of Google, Crashlytics is EU-US Privacy Shield certified.

Diagnostic information is subject to the data privacy policy of Crashlytics, which is available here:

14.2 Social plug-ins


We use the following social plug-ins for our website:


Pinterest (operator: Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA)

These plug-ins routinely collect data from you and transfer such data to servers of the provider.


Once activated, such plug-ins will also record your IP address. In addition, activated social plug-ins will place a cookie with a clear ID when the relevant website is accessed. This also allows providers to create profiles of your user behavior. Such a cookie is placed whether or not you are a member of the social network. If you are a member of a social network and are logged in when you visit our website or when you use the Eat the Rainbow App, data and information about your visit to our website or your use of the Eat the Rainbow App may be linked to your profile on the social network. Please note that we have no control over the exact extent to which your data will be collected by social network providers. For more information about the extent, type, and purpose of data processing and about rights and settings to protect your privacy, please refer to the data privacy policy of the relevant social network provider. These are available at the following addresses:



14.3 Pinterest

On our website we use the “Pin it” button plug-in of Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, U.S.A.). When you visit our website this plug-in establishes a direct connection between your browser and the Pinterest server. This tells Pinterest that you have visited our website with your IP address. If you are logged into Pinterest during your visit, you can share content on Pinterest by clicking on the “Pin it” button. This way, Pinterest can also correlate your visit to our website to your Pinterest user account. Again, please note that as a provider of your website, we do not know the content of transferred data or how such data is used by Pinterest, nor do we have any control over this process. You will find the data privacy policy of Pinterest here:,

You can change the settings for the storage of your data here: You can do so whether or not you are a Pinterest user.

Transfer of data to third parties


Your personal data will be transferred to third parties only if we have a legal obligation to do so, if the data transfer is necessary for performance of the contract, or if you have consented to the transfer of your data. Third-party service providers and partner companies will receive your data only if and to the extent necessary for performance of the contract or with your consent. In such cases, the extent to which data are transferred will however be kept to the absolute minimum. To the extent that our service providers come into contact with your personal data, we will make sure that they too will comply with all applicable data protection laws. Please also read the data privacy policies of such third-party providers.



Data security


Data transfers are generally subject to security gaps. It is technically impossible to protect your data 100% from access by third parties. However, we strive to minimize this risk as much as possible. We therefore maintain state-of-the-art measures to guarantee data security and to protect your data from access by third parties. In addition, we use strong SSL or TLS encryption for all data transfers. However, please make sure not to provide your login data to any third parties.

Websites of third parties


We occasionally place links to websites of third parties. Although we carefully select such third parties, we make no guarantee and assume no liability for the correctness or completeness of content or data security of any third-party websites. Nor does this Data Privacy Policy apply to linked third-party websites. We assume no responsibility for data privacy policies or content of any other websites.

Changes to this Data Privacy Policy


We may need to make changes to this Data Privacy Policy, for example if we add new functions or services to the app. We will however notify you of any changes and ask that you read and accept such changes before they are implemented by us.

Your rights: information/revocation/erasure and data controller

You may at any time and at no cost demand information about your personal data that is processed by us, correction of any errors in your personal data, termination of processing of your personal data, or erasure of your personal data – subject to mandatory legal provisions or obligations to the contrary. To exercise these rights, simply contact us at any time by email at:

bottom of page