{
    "schema": "https://saferpage.de/schemas/consent-ledger-readiness.v1",
    "generated_at": "2026-07-04T01:41:22+00:00",
    "domain": "igw.ustp.at",
    "available": true,
    "scan": {
        "id": "8b32ccc0-edc2-41b7-9a35-155db8900eb0",
        "checked_at": "2026-07-03 23:27:40.213004+02"
    },
    "summary": "igw.ustp.at: Consent-Ledger-Blueprint mit 14 Datenfeldern, 7 Ereignissen, 7 Log-Zeilen und 6 Kategorien für auditierbare Einwilligungsnachweise.",
    "score": 60,
    "categories": [
        {
            "id": "notwendig",
            "label": "Notwendig",
            "consent_mode_key": "security_storage",
            "default_state": "granted",
            "requires_ledger": true,
            "evidence": "Notwendige Dienste getrennt von optionalen Einwilligungen speichern."
        },
        {
            "id": "statistik",
            "label": "Statistik",
            "consent_mode_key": "analytics_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "0 Akzeptieren-Control(s), Consent-Zustände getrennt protokollieren."
        },
        {
            "id": "marketing",
            "label": "Marketing / Tracking",
            "consent_mode_key": "ad_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "4 Tracking-Cookie(s) vor Consent, 0 datenschutzrelevante Drittanbieter."
        },
        {
            "id": "externe_medien",
            "label": "Externe Medien",
            "consent_mode_key": "functionality_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "Kategorie als Consent-Ledger-Schlüssel vorbereiten."
        },
        {
            "id": "komfort",
            "label": "Komfort",
            "consent_mode_key": "functionality_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "Kategorie als Consent-Ledger-Schlüssel vorbereiten."
        },
        {
            "id": "unklar",
            "label": "Unklar / blockieren",
            "consent_mode_key": "functionality_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "Kategorie als Consent-Ledger-Schlüssel vorbereiten."
        }
    ],
    "events": [
        {
            "id": "banner_shown",
            "label": "Banner angezeigt",
            "trigger": "Erstaufruf ohne gespeicherte Entscheidung",
            "required_fields": [
                "domain",
                "banner_version",
                "policy_version",
                "region",
                "created_at"
            ],
            "evidence": "Belegt, welche Version Nutzer gesehen haben."
        },
        {
            "id": "consent_saved",
            "label": "Einwilligung gespeichert",
            "trigger": "Nutzer klickt Akzeptieren oder speichert Kategorien",
            "required_fields": [
                "consent_id",
                "categories",
                "services",
                "action",
                "created_at"
            ],
            "evidence": "Zentrale Nachweiszeile für aktive Einwilligung."
        },
        {
            "id": "consent_rejected",
            "label": "Ablehnung gespeichert",
            "trigger": "Nutzer klickt Ablehnen",
            "required_fields": [
                "consent_id",
                "categories",
                "action",
                "created_at"
            ],
            "evidence": "Ablehnen muss genauso auditierbar sein wie Akzeptieren."
        },
        {
            "id": "consent_withdrawn",
            "label": "Widerruf gespeichert",
            "trigger": "Privacy-Trigger oder Preference Center ändert Entscheidung",
            "required_fields": [
                "previous_consent_id",
                "withdrawn_at",
                "categories",
                "source"
            ],
            "evidence": "Widerruf überschreibt Downstream-Zustände und muss nachvollziehbar bleiben."
        },
        {
            "id": "gpc_seen",
            "label": "GPC-Signal berücksichtigt",
            "trigger": "Browser sendet Global Privacy Control",
            "required_fields": [
                "gpc_signal",
                "region",
                "action",
                "created_at"
            ],
            "evidence": "2 Datenschutz-Domain(s) im GPC-Kontext."
        },
        {
            "id": "vendor_sync",
            "label": "Downstream-Sync",
            "trigger": "Tag Manager, Analytics, Ads, CRM oder CMP erhält Status",
            "required_fields": [
                "destination",
                "categories",
                "sync_status",
                "created_at"
            ],
            "evidence": "4 datenschutzrelevante Browserkontakt(e) aus dem Scan."
        },
        {
            "id": "rescan_evidence",
            "label": "Re-Scan-Nachweis",
            "trigger": "Nach Ihrer Änderung erneut prüfen",
            "required_fields": [
                "scan_id",
                "checked_at",
                "result_url",
                "evidence_hash"
            ],
            "evidence": "Verbindet Betreiberentscheidung mit technischer Scan-Evidenz."
        }
    ],
    "fields": [
        {
            "field": "consent_id",
            "type": "uuid/string",
            "purpose": "Eindeutiger Nachweisdatensatz",
            "privacy_note": "Nicht als Klartext-Personenkennung verwenden."
        },
        {
            "field": "subject_key_hash",
            "type": "sha256/string",
            "purpose": "Wiedererkennung ohne Klartext-ID",
            "privacy_note": "Salt/Rotation und Zugriffsschutz dokumentieren."
        },
        {
            "field": "domain",
            "type": "string",
            "purpose": "Betroffene Website",
            "privacy_note": "Mandanten-/Domain-Trennung erzwingen."
        },
        {
            "field": "region",
            "type": "string",
            "purpose": "DE/EU/CH/AT oder CMP-Region",
            "privacy_note": "Regelbasiertes Verhalten nachvollziehbar machen."
        },
        {
            "field": "banner_version",
            "type": "string",
            "purpose": "Version der Consent-Oberfläche",
            "privacy_note": "Bei Text-/Layoutänderung erhöhen."
        },
        {
            "field": "policy_version",
            "type": "string",
            "purpose": "Datenschutz-/Cookie-Hinweis-Version",
            "privacy_note": "Mit veröffentlichtem Hinweis und Datum verbinden."
        },
        {
            "field": "categories_json",
            "type": "json",
            "purpose": "Status je Kategorie",
            "privacy_note": "Nur notwendige Kategorien speichern."
        },
        {
            "field": "services_json",
            "type": "json",
            "purpose": "Optionaler Status je Dienst",
            "privacy_note": "Dienste aus Anbieterregister synchronisieren."
        },
        {
            "field": "action",
            "type": "enum",
            "purpose": "accept, reject, save, withdraw, gpc",
            "privacy_note": "Ablehnung und Widerruf gleichwertig protokollieren."
        },
        {
            "field": "ip_hash",
            "type": "string/null",
            "purpose": "Missbrauchs-/Nachweisbezug",
            "privacy_note": "Klartext-IP vermeiden; Speicherfrist begrenzen."
        },
        {
            "field": "user_agent_hash",
            "type": "string/null",
            "purpose": "Technischer Kontext",
            "privacy_note": "Nicht für Tracking oder Profiling verwenden."
        },
        {
            "field": "evidence_ref",
            "type": "string",
            "purpose": "Verweis auf Scan, Screenshot oder Export",
            "privacy_note": "Keine sensiblen Rohdaten in öffentliche Exporte schreiben."
        },
        {
            "field": "created_at",
            "type": "datetime",
            "purpose": "Zeitpunkt der Entscheidung",
            "privacy_note": "Zeitzone und Serverzeit stabil halten."
        },
        {
            "field": "expires_at",
            "type": "datetime/null",
            "purpose": "Review-/Ablauffrist",
            "privacy_note": "Regelmäßige Erneuerung und Löschung planen."
        }
    ],
    "transaction_log_template": [
        {
            "transaction_id": "8bf4b05e0e5eadc1f208c565",
            "domain": "igw.ustp.at",
            "scan_id": "8b32ccc0-edc2-41b7-9a35-155db8900eb0",
            "event_id": "banner_shown",
            "label": "Banner angezeigt",
            "action": "show",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/igw.ustp.at/export",
            "created_at": "2026-07-03T21:27:40+00:00",
            "required_fields": [
                "domain",
                "banner_version",
                "policy_version",
                "region",
                "created_at"
            ],
            "previous_hash": "3f21bb89934a16b893682ba03fd4eb4ae0b8d52348a5b8f388f14f269a6a3a53",
            "row_hash": "760947b6e2080920bb3d57f7ff7a15bf7f7c201d971706ad042383151b86a694"
        },
        {
            "transaction_id": "4ac3fdce114d8cf20a41bfd6",
            "domain": "igw.ustp.at",
            "scan_id": "8b32ccc0-edc2-41b7-9a35-155db8900eb0",
            "event_id": "consent_saved",
            "label": "Einwilligung gespeichert",
            "action": "accept_or_save",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "granted_if_selected",
                "marketing": "granted_if_selected"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/igw.ustp.at/export",
            "created_at": "2026-07-03T21:28:40+00:00",
            "required_fields": [
                "consent_id",
                "categories",
                "services",
                "action",
                "created_at"
            ],
            "previous_hash": "760947b6e2080920bb3d57f7ff7a15bf7f7c201d971706ad042383151b86a694",
            "row_hash": "3cdb7c11b1625e18cfdd1e4f684c530d3206b7d0c649c0aecbc05bb8686c82d3"
        },
        {
            "transaction_id": "d0cdb56ff52a2bdb75fea95d",
            "domain": "igw.ustp.at",
            "scan_id": "8b32ccc0-edc2-41b7-9a35-155db8900eb0",
            "event_id": "consent_rejected",
            "label": "Ablehnung gespeichert",
            "action": "reject",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/igw.ustp.at/export",
            "created_at": "2026-07-03T21:29:40+00:00",
            "required_fields": [
                "consent_id",
                "categories",
                "action",
                "created_at"
            ],
            "previous_hash": "3cdb7c11b1625e18cfdd1e4f684c530d3206b7d0c649c0aecbc05bb8686c82d3",
            "row_hash": "ea960552ddca31b3a420dc704f191705f07c35ee49105e61efcf37b3b5650740"
        },
        {
            "transaction_id": "997d45b41001b334066243af",
            "domain": "igw.ustp.at",
            "scan_id": "8b32ccc0-edc2-41b7-9a35-155db8900eb0",
            "event_id": "consent_withdrawn",
            "label": "Widerruf gespeichert",
            "action": "withdraw",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/igw.ustp.at/export",
            "created_at": "2026-07-03T21:30:40+00:00",
            "required_fields": [
                "previous_consent_id",
                "withdrawn_at",
                "categories",
                "source"
            ],
            "previous_hash": "ea960552ddca31b3a420dc704f191705f07c35ee49105e61efcf37b3b5650740",
            "row_hash": "600fcc4e4822625de28b691e82cd29b242b3689d413e35a6fda7df3fb1e8c990"
        },
        {
            "transaction_id": "9021d34d48d7930e9f166376",
            "domain": "igw.ustp.at",
            "scan_id": "8b32ccc0-edc2-41b7-9a35-155db8900eb0",
            "event_id": "gpc_seen",
            "label": "GPC-Signal berücksichtigt",
            "action": "gpc",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/igw.ustp.at/export",
            "created_at": "2026-07-03T21:31:40+00:00",
            "required_fields": [
                "gpc_signal",
                "region",
                "action",
                "created_at"
            ],
            "previous_hash": "600fcc4e4822625de28b691e82cd29b242b3689d413e35a6fda7df3fb1e8c990",
            "row_hash": "32425619252298dc5fb53019f022aee735539e6115994f7bdbbf85774f878b78"
        },
        {
            "transaction_id": "58cf66087a3a54a2313c6157",
            "domain": "igw.ustp.at",
            "scan_id": "8b32ccc0-edc2-41b7-9a35-155db8900eb0",
            "event_id": "vendor_sync",
            "label": "Downstream-Sync",
            "action": "sync",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "granted_if_selected",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/igw.ustp.at/export",
            "created_at": "2026-07-03T21:32:40+00:00",
            "required_fields": [
                "destination",
                "categories",
                "sync_status",
                "created_at"
            ],
            "previous_hash": "32425619252298dc5fb53019f022aee735539e6115994f7bdbbf85774f878b78",
            "row_hash": "3d3664025bae44a256cea5eed24a45a31896fcd3d100bca3b89337b772e3a548"
        },
        {
            "transaction_id": "ea265649c74e8c078e3cc33c",
            "domain": "igw.ustp.at",
            "scan_id": "8b32ccc0-edc2-41b7-9a35-155db8900eb0",
            "event_id": "rescan_evidence",
            "label": "Re-Scan-Nachweis",
            "action": "rescan",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/igw.ustp.at/export",
            "created_at": "2026-07-03T21:33:40+00:00",
            "required_fields": [
                "scan_id",
                "checked_at",
                "result_url",
                "evidence_hash"
            ],
            "previous_hash": "3d3664025bae44a256cea5eed24a45a31896fcd3d100bca3b89337b772e3a548",
            "row_hash": "db86dd5a11ec6558a52fca22783679e7efca84812ef7c2df78f03cf085ab848c"
        }
    ],
    "log_export_controls": [
        {
            "id": "domain_period",
            "label": "Domain und Zeitraum",
            "control": "Export immer nach Domain, Zeitraum und Rechtsraum filtern; keine domainübergreifenden Rohlogs ohne Zweckfreigabe."
        },
        {
            "id": "pseudonymization",
            "label": "Pseudonymisierung",
            "control": "Subject-, IP- und User-Agent-Bezug nur gehasht und mit Zugriffsschutz exportieren."
        },
        {
            "id": "hash_chain",
            "label": "Hashkette",
            "control": "Jede Zeile enthält previous_hash und row_hash, damit nachträgliche Änderungen auffallen."
        },
        {
            "id": "dsar_scope",
            "label": "Betroffenenrechte",
            "control": "DSAR-Export trennt Nachweiszweck, technische Logs und Lösch-/Sperrentscheidungen."
        },
        {
            "id": "retention_window",
            "label": "Aufbewahrung",
            "control": "Nachweisfrist und Löschfristen je Zweck dokumentieren; abgelaufene Rohdaten aggregieren oder löschen."
        }
    ],
    "storage_controls": [
        {
            "id": "minimize",
            "label": "Daten minimieren",
            "action": "Klartext-IP, User-Agent und Personenkennung vermeiden; Hash/Salt und kurze Fristen verwenden."
        },
        {
            "id": "versioning",
            "label": "Versionen speichern",
            "action": "Banner-, Policy-, Kategorie- und Anbieterregister-Version bei jeder Entscheidung speichern."
        },
        {
            "id": "withdrawal",
            "label": "Widerruf aktiv synchronisieren",
            "action": "Widerruf an Tag Manager, CMP, Analytics, Ads und CRM weitergeben und Synchronisierung protokollieren."
        },
        {
            "id": "retention",
            "label": "Löschfrist festlegen",
            "action": "Nachweisfrist, Zweckende, erneute Einwilligung und DSAR-Löschung als Löschtrigger definieren."
        },
        {
            "id": "access",
            "label": "Zugriff beschränken",
            "action": "Ledger nur für Datenschutz/Compliance/IT freigeben; Exportzugriffe protokollieren."
        }
    ],
    "snippets": [
        {
            "id": "sql_table",
            "label": "SQL Ledger Tabelle",
            "placement": "Backend-Datenbank oder Consent-Service",
            "code": "CREATE TABLE consent_ledger_igw_ustp_at (\n  consent_id text PRIMARY KEY,\n  subject_key_hash text NOT NULL,\n  domain text NOT NULL,\n  region text NOT NULL,\n  banner_version text NOT NULL,\n  policy_version text NOT NULL,\n  action text NOT NULL CHECK (action IN ('accept','reject','save','withdraw','gpc')),\n  categories_json jsonb NOT NULL,\n  services_json jsonb NOT NULL DEFAULT '{}'::jsonb,\n  gpc_signal boolean NOT NULL DEFAULT false,\n  ip_hash text,\n  user_agent_hash text,\n  evidence_ref text,\n  created_at timestamptz NOT NULL DEFAULT now(),\n  expires_at timestamptz\n);\nCREATE INDEX consent_ledger_igw_ustp_at_subject_idx ON consent_ledger_igw_ustp_at (subject_key_hash, created_at DESC);"
        },
        {
            "id": "browser_event",
            "label": "Browser Event Bridge",
            "placement": "Nach Banner-Entscheidung, serverseitig validieren",
            "code": "window.addEventListener('saferpage-consent-update', function (event) {\n  fetch('/privacy/consent-ledger', {\n    method: 'POST',\n    headers: {'Content-Type': 'application/json'},\n    credentials: 'same-origin',\n    body: JSON.stringify({\n      domain: 'igw.ustp.at',\n      banner_version: 'v1',\n      policy_version: 'privacy-notice-current',\n      action: 'save',\n      categories: event.detail,\n      evidence_ref: window.location.href\n    })\n  });\n});"
        }
    ],
    "links": {
        "ledger_center": "https://saferpage.de/consent-ledger/igw.ustp.at",
        "json": "https://saferpage.de/consent-ledger/igw.ustp.at/export",
        "csv": "https://saferpage.de/consent-ledger/igw.ustp.at/export-csv",
        "markdown": "https://saferpage.de/consent-ledger/igw.ustp.at/runbook-md",
        "transactions_jsonl": "https://saferpage.de/consent-ledger/igw.ustp.at/transactions-jsonl",
        "banner_template": "https://saferpage.de/consent-banner/igw.ustp.at",
        "consent_region": "https://saferpage.de/consent-region/igw.ustp.at",
        "consent_center": "https://saferpage.de/consent/igw.ustp.at",
        "consent_journey": "https://saferpage.de/consent-journey/igw.ustp.at",
        "consent_mode": "https://saferpage.de/consent-mode/igw.ustp.at",
        "operator_board": "https://saferpage.de/betreiber/igw.ustp.at",
        "report": "https://saferpage.de/igw.ustp.at"
    },
    "sources": [
        {
            "title": "iubenda Consent Database",
            "url": "https://www.iubenda.com/privacy-policy/252372/cookie-policy.pdf",
            "note": "Orientierung für Consent-Datenbank als Nachweisfunktion."
        },
        {
            "title": "OneTrust Privacy Operations",
            "url": "https://www.onetrust.com/products/privacy-operations/",
            "note": "Orientierung für Workflows, Risk Mitigation und Privacy Operations."
        },
        {
            "title": "Cookiebot scan reports",
            "url": "https://support.cookiebot.com/hc/en-us/articles/5007079527580-Understanding-the-scan-report",
            "note": "Orientierung für wiederkehrende Scan- und Report-Nachweise."
        }
    ],
    "disclaimer": "Der Ledger-Blueprint ist eine technische Betreiber-Vorlage. Rechtsgrundlage, Speicherfrist, Zugriffsschutz und Integration in CMP/Backend müssen fachlich freigegeben werden."
}
