Privacy Policy

Information on the processing of personal data in accordance with the General Data Protection Regulation (GDPR)

1. Controller

The controller responsible for data processing on this website is:
Georg Peter Klinger
Lindengasse 15/2/1a
1070 Wien, Österreich
E-mail: kontakt [at] sightplanner [punkt] eu

2. Your Rights

With regard to the personal data concerning you, you are generally entitled to the following rights: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection to processing (Art. 21 GDPR). To exercise these rights, please contact us at the address given above.

You also have the right to lodge a complaint with a supervisory authority. In Austria, this is the Austrian data protection authority (Datenschutzbehörde, dsb.gv.at).

3. Hosting & Server Log Files

This website is hosted by Vercel Inc. on servers in the USA. When you access the site, technically necessary access data is processed (including IP address, date and time, the resource accessed, browser type and referrer). This processing is necessary for the secure and stable provision of the website. The legal basis is our legitimate interest in a functioning web presence (Art. 6(1)(f) GDPR). Regarding the transfer of data to the USA, see section 9.

4. Registration and User Account

To use account-based features (e.g. saving plans and favourites), you can create an account. Accounts and sign-in are managed via the service provider Supabase; the data is stored on servers within the EU (Ireland). In this context we process in particular your e-mail address, a display name and technical access data. The legal basis is the performance of the user relationship (Art. 6(1)(b) GDPR).

Alternatively, you can sign in with your Google account (Google OAuth). In this case, the profile data required for sign-in (e.g. name, e-mail address) is transmitted to us by Google. The provider is Google Ireland Ltd. or Google LLC. The legal basis is your use of this optional sign-in method (Art. 6(1)(b) GDPR).

In connection with your account, we send system-related e-mails (e.g. to confirm registration and to reset your password). For this dispatch we use the service provider Brevo (Sendinblue SAS, France); the processing takes place within the EU. The legal basis is the performance of the user relationship (Art. 6(1)(b) GDPR).

Saved plans and favourites are linked to your account and serve solely to provide these features. You can have your account and the associated data deleted at any time.

5. Location and Attraction Search

To search for cities and attractions, we use the Google Places API; in doing so, to narrow the search results to your approximate region, we also transmit coarse location coordinates derived from your IP address to Google as a search bias (locationBias), which allow only an approximate, large-scale regional indication and no precise location determination. Your search queries are transmitted server-side via our servers to Google in order to return results. There is no direct connection between your browser and Google; Google does not set any cookies in your browser as part of this feature. The provider is Google Ireland Ltd. or Google LLC. The legal basis is the provision of the requested feature (Art. 6(1)(b) GDPR).

6. Security and Abuse Prevention

To protect against overload and abusive use, we apply a limit on the number of requests per time period. For this purpose, the IP address is processed briefly in the form of counters at the service provider Upstash (processing on servers within the EU, Ireland). The legal basis is our legitimate interest in the security and availability of the service (Art. 6(1)(f) GDPR).

7. Cookies and Local Storage

We use only technically necessary cookies. When you sign in, a session cookie is set that is required for the operation of the login. In addition, we store your current plan locally in your browser (session storage); this data remains on your device and is not transmitted to us. We do not use any analytics, tracking or advertising cookies, and no third-party tracking.

8. Partner Links (Affiliate)

SightPlanner contains links to booking partners (including Viator/Tripadvisor and GetYourGuide). When you click such a link, you are redirected to the respective partner's website. Only there can the partner set its own cookies and process data in accordance with its own privacy policy – over which we have no influence. By means of a partner identifier, a booking made via the link can be attributed to us, for which we receive a commission. This does not result in any additional costs for you.

9. Data Transfers to Third Countries

The hosting of our website (Vercel Inc.) takes place on servers in the USA; in this context, the access data referred to in section 3 is processed in a third country. The other services named store data on servers within the EU (Supabase and Upstash in Ireland; e-mails sent via Brevo are processed within the EU). Insofar as a transfer to the USA or access from the USA nevertheless takes place – for example because a provider belongs to a US company – this is based on an adequacy decision of the European Commission (EU-US Data Privacy Framework, Art. 45 GDPR), provided the respective provider is certified, and/or on the European Commission's standard contractual clauses (Art. 46 GDPR). In the case of Google, the contracting party is Google Ireland Ltd. (EU); insofar as Google LLC (USA) is involved, the same safeguards apply. Further information is available on request at the contact address given above.

10. Storage Period

We store personal data only for as long as is necessary for the stated purposes or as long as statutory retention periods apply. Account data is stored until your account is deleted. Server log files and security counters are automatically deleted or reset after a short period.

11. Contacting Us

If you contact us by e-mail, we process your details in order to handle your request. The legal basis is Art. 6(1)(b) or (f) GDPR.

Last updated: 2026

Privacy Policy | SightPlanner