{
    "schema": "https://saferpage.de/schemas/consent-ledger-readiness.v1",
    "generated_at": "2026-07-02T09:29:48+00:00",
    "domain": "kinderregion.ch",
    "available": true,
    "scan": {
        "id": "b8c8e998-e86b-4e45-8f1f-7d823f907397",
        "checked_at": "2026-07-01 23:28:36.47498+02"
    },
    "summary": "kinderregion.ch: Consent-Ledger-Blueprint mit 14 Datenfeldern, 7 Ereignissen, 7 Log-Zeilen und 6 Kategorien für auditierbare Einwilligungsnachweise.",
    "score": 60,
    "categories": [
        {
            "id": "notwendig",
            "label": "Notwendig",
            "consent_mode_key": "security_storage",
            "default_state": "granted",
            "requires_ledger": true,
            "evidence": "Notwendige Dienste getrennt von optionalen Einwilligungen speichern."
        },
        {
            "id": "statistik",
            "label": "Statistik",
            "consent_mode_key": "analytics_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "1 Akzeptieren-Control(s), Consent-Zustände getrennt protokollieren."
        },
        {
            "id": "marketing",
            "label": "Marketing / Tracking",
            "consent_mode_key": "ad_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "0 Tracking-Cookie(s) vor Consent, 0 datenschutzrelevante Drittanbieter."
        },
        {
            "id": "externe_medien",
            "label": "Externe Medien",
            "consent_mode_key": "functionality_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "Kategorie als Consent-Ledger-Schlüssel vorbereiten."
        },
        {
            "id": "komfort",
            "label": "Komfort",
            "consent_mode_key": "functionality_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "Kategorie als Consent-Ledger-Schlüssel vorbereiten."
        },
        {
            "id": "unklar",
            "label": "Unklar / blockieren",
            "consent_mode_key": "functionality_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "Kategorie als Consent-Ledger-Schlüssel vorbereiten."
        }
    ],
    "events": [
        {
            "id": "banner_shown",
            "label": "Banner angezeigt",
            "trigger": "Erstaufruf ohne gespeicherte Entscheidung",
            "required_fields": [
                "domain",
                "banner_version",
                "policy_version",
                "region",
                "created_at"
            ],
            "evidence": "Belegt, welche Version Nutzer gesehen haben."
        },
        {
            "id": "consent_saved",
            "label": "Einwilligung gespeichert",
            "trigger": "Nutzer klickt Akzeptieren oder speichert Kategorien",
            "required_fields": [
                "consent_id",
                "categories",
                "services",
                "action",
                "created_at"
            ],
            "evidence": "Zentrale Nachweiszeile für aktive Einwilligung."
        },
        {
            "id": "consent_rejected",
            "label": "Ablehnung gespeichert",
            "trigger": "Nutzer klickt Ablehnen",
            "required_fields": [
                "consent_id",
                "categories",
                "action",
                "created_at"
            ],
            "evidence": "Ablehnen muss genauso auditierbar sein wie Akzeptieren."
        },
        {
            "id": "consent_withdrawn",
            "label": "Widerruf gespeichert",
            "trigger": "Privacy-Trigger oder Preference Center ändert Entscheidung",
            "required_fields": [
                "previous_consent_id",
                "withdrawn_at",
                "categories",
                "source"
            ],
            "evidence": "Widerruf überschreibt Downstream-Zustände und muss nachvollziehbar bleiben."
        },
        {
            "id": "gpc_seen",
            "label": "GPC-Signal berücksichtigt",
            "trigger": "Browser sendet Global Privacy Control",
            "required_fields": [
                "gpc_signal",
                "region",
                "action",
                "created_at"
            ],
            "evidence": "2 Datenschutz-Domain(s) im GPC-Kontext."
        },
        {
            "id": "vendor_sync",
            "label": "Downstream-Sync",
            "trigger": "Tag Manager, Analytics, Ads, CRM oder CMP erhält Status",
            "required_fields": [
                "destination",
                "categories",
                "sync_status",
                "created_at"
            ],
            "evidence": "3 datenschutzrelevante Browserkontakt(e) aus dem Scan."
        },
        {
            "id": "rescan_evidence",
            "label": "Re-Scan-Nachweis",
            "trigger": "Nach Ihrer Änderung erneut prüfen",
            "required_fields": [
                "scan_id",
                "checked_at",
                "result_url",
                "evidence_hash"
            ],
            "evidence": "Verbindet Betreiberentscheidung mit technischer Scan-Evidenz."
        }
    ],
    "fields": [
        {
            "field": "consent_id",
            "type": "uuid/string",
            "purpose": "Eindeutiger Nachweisdatensatz",
            "privacy_note": "Nicht als Klartext-Personenkennung verwenden."
        },
        {
            "field": "subject_key_hash",
            "type": "sha256/string",
            "purpose": "Wiedererkennung ohne Klartext-ID",
            "privacy_note": "Salt/Rotation und Zugriffsschutz dokumentieren."
        },
        {
            "field": "domain",
            "type": "string",
            "purpose": "Betroffene Website",
            "privacy_note": "Mandanten-/Domain-Trennung erzwingen."
        },
        {
            "field": "region",
            "type": "string",
            "purpose": "DE/EU/CH/AT oder CMP-Region",
            "privacy_note": "Regelbasiertes Verhalten nachvollziehbar machen."
        },
        {
            "field": "banner_version",
            "type": "string",
            "purpose": "Version der Consent-Oberfläche",
            "privacy_note": "Bei Text-/Layoutänderung erhöhen."
        },
        {
            "field": "policy_version",
            "type": "string",
            "purpose": "Datenschutz-/Cookie-Hinweis-Version",
            "privacy_note": "Mit veröffentlichtem Hinweis und Datum verbinden."
        },
        {
            "field": "categories_json",
            "type": "json",
            "purpose": "Status je Kategorie",
            "privacy_note": "Nur notwendige Kategorien speichern."
        },
        {
            "field": "services_json",
            "type": "json",
            "purpose": "Optionaler Status je Dienst",
            "privacy_note": "Dienste aus Anbieterregister synchronisieren."
        },
        {
            "field": "action",
            "type": "enum",
            "purpose": "accept, reject, save, withdraw, gpc",
            "privacy_note": "Ablehnung und Widerruf gleichwertig protokollieren."
        },
        {
            "field": "ip_hash",
            "type": "string/null",
            "purpose": "Missbrauchs-/Nachweisbezug",
            "privacy_note": "Klartext-IP vermeiden; Speicherfrist begrenzen."
        },
        {
            "field": "user_agent_hash",
            "type": "string/null",
            "purpose": "Technischer Kontext",
            "privacy_note": "Nicht für Tracking oder Profiling verwenden."
        },
        {
            "field": "evidence_ref",
            "type": "string",
            "purpose": "Verweis auf Scan, Screenshot oder Export",
            "privacy_note": "Keine sensiblen Rohdaten in öffentliche Exporte schreiben."
        },
        {
            "field": "created_at",
            "type": "datetime",
            "purpose": "Zeitpunkt der Entscheidung",
            "privacy_note": "Zeitzone und Serverzeit stabil halten."
        },
        {
            "field": "expires_at",
            "type": "datetime/null",
            "purpose": "Review-/Ablauffrist",
            "privacy_note": "Regelmäßige Erneuerung und Löschung planen."
        }
    ],
    "transaction_log_template": [
        {
            "transaction_id": "5d6c19f08ccfa4515646496b",
            "domain": "kinderregion.ch",
            "scan_id": "b8c8e998-e86b-4e45-8f1f-7d823f907397",
            "event_id": "banner_shown",
            "label": "Banner angezeigt",
            "action": "show",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/kinderregion.ch/export",
            "created_at": "2026-07-01T21:28:36+00:00",
            "required_fields": [
                "domain",
                "banner_version",
                "policy_version",
                "region",
                "created_at"
            ],
            "previous_hash": "5e6879ae3c4faf1f86c4098c7097c6a6ab561ca4e1fa49f86ddeb1107e1ceaf2",
            "row_hash": "bc9f7962634a283f6f9fcba7735fec0bca7ca2fe27ac1f866b47837615b4a208"
        },
        {
            "transaction_id": "c79383b5d52b7128a0b9f711",
            "domain": "kinderregion.ch",
            "scan_id": "b8c8e998-e86b-4e45-8f1f-7d823f907397",
            "event_id": "consent_saved",
            "label": "Einwilligung gespeichert",
            "action": "accept_or_save",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "granted_if_selected",
                "marketing": "granted_if_selected"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/kinderregion.ch/export",
            "created_at": "2026-07-01T21:29:36+00:00",
            "required_fields": [
                "consent_id",
                "categories",
                "services",
                "action",
                "created_at"
            ],
            "previous_hash": "bc9f7962634a283f6f9fcba7735fec0bca7ca2fe27ac1f866b47837615b4a208",
            "row_hash": "44e990a302013f6ef3225defce21fbad8bbd817359fd5fd17f6f4d7fa13af8a5"
        },
        {
            "transaction_id": "86bad65ec9edc16324018168",
            "domain": "kinderregion.ch",
            "scan_id": "b8c8e998-e86b-4e45-8f1f-7d823f907397",
            "event_id": "consent_rejected",
            "label": "Ablehnung gespeichert",
            "action": "reject",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/kinderregion.ch/export",
            "created_at": "2026-07-01T21:30:36+00:00",
            "required_fields": [
                "consent_id",
                "categories",
                "action",
                "created_at"
            ],
            "previous_hash": "44e990a302013f6ef3225defce21fbad8bbd817359fd5fd17f6f4d7fa13af8a5",
            "row_hash": "61225c155f54fb5e817a032d883b7caf6c22c6f75e8ad9d9626b9ebcd3f493c1"
        },
        {
            "transaction_id": "7c92c79d10b99aa054f4e842",
            "domain": "kinderregion.ch",
            "scan_id": "b8c8e998-e86b-4e45-8f1f-7d823f907397",
            "event_id": "consent_withdrawn",
            "label": "Widerruf gespeichert",
            "action": "withdraw",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/kinderregion.ch/export",
            "created_at": "2026-07-01T21:31:36+00:00",
            "required_fields": [
                "previous_consent_id",
                "withdrawn_at",
                "categories",
                "source"
            ],
            "previous_hash": "61225c155f54fb5e817a032d883b7caf6c22c6f75e8ad9d9626b9ebcd3f493c1",
            "row_hash": "f9a4ef38d989f1eccb787e2dee649a0d5a2c377a85688df8d2e3108de5e8fec1"
        },
        {
            "transaction_id": "8c9d46be9de77005c22e21ae",
            "domain": "kinderregion.ch",
            "scan_id": "b8c8e998-e86b-4e45-8f1f-7d823f907397",
            "event_id": "gpc_seen",
            "label": "GPC-Signal berücksichtigt",
            "action": "gpc",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/kinderregion.ch/export",
            "created_at": "2026-07-01T21:32:36+00:00",
            "required_fields": [
                "gpc_signal",
                "region",
                "action",
                "created_at"
            ],
            "previous_hash": "f9a4ef38d989f1eccb787e2dee649a0d5a2c377a85688df8d2e3108de5e8fec1",
            "row_hash": "72eda5e189d48b820fd565768f76e13062e661409eb500ca85121d0bf1f2aa5f"
        },
        {
            "transaction_id": "f0bc442b4c2a0db501c99be1",
            "domain": "kinderregion.ch",
            "scan_id": "b8c8e998-e86b-4e45-8f1f-7d823f907397",
            "event_id": "vendor_sync",
            "label": "Downstream-Sync",
            "action": "sync",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "granted_if_selected",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/kinderregion.ch/export",
            "created_at": "2026-07-01T21:33:36+00:00",
            "required_fields": [
                "destination",
                "categories",
                "sync_status",
                "created_at"
            ],
            "previous_hash": "72eda5e189d48b820fd565768f76e13062e661409eb500ca85121d0bf1f2aa5f",
            "row_hash": "c5b17a99317a10034fd93d9f34fcb8ac5fcadcd931c4224d918c7fab068591a4"
        },
        {
            "transaction_id": "71bea7f14537b365af4f960d",
            "domain": "kinderregion.ch",
            "scan_id": "b8c8e998-e86b-4e45-8f1f-7d823f907397",
            "event_id": "rescan_evidence",
            "label": "Re-Scan-Nachweis",
            "action": "rescan",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/kinderregion.ch/export",
            "created_at": "2026-07-01T21:34:36+00:00",
            "required_fields": [
                "scan_id",
                "checked_at",
                "result_url",
                "evidence_hash"
            ],
            "previous_hash": "c5b17a99317a10034fd93d9f34fcb8ac5fcadcd931c4224d918c7fab068591a4",
            "row_hash": "041617e3f60642b9494e2bce300644dd40da8982febd3bbdee4e13c8c69d3dfe"
        }
    ],
    "log_export_controls": [
        {
            "id": "domain_period",
            "label": "Domain und Zeitraum",
            "control": "Export immer nach Domain, Zeitraum und Rechtsraum filtern; keine domainübergreifenden Rohlogs ohne Zweckfreigabe."
        },
        {
            "id": "pseudonymization",
            "label": "Pseudonymisierung",
            "control": "Subject-, IP- und User-Agent-Bezug nur gehasht und mit Zugriffsschutz exportieren."
        },
        {
            "id": "hash_chain",
            "label": "Hashkette",
            "control": "Jede Zeile enthält previous_hash und row_hash, damit nachträgliche Änderungen auffallen."
        },
        {
            "id": "dsar_scope",
            "label": "Betroffenenrechte",
            "control": "DSAR-Export trennt Nachweiszweck, technische Logs und Lösch-/Sperrentscheidungen."
        },
        {
            "id": "retention_window",
            "label": "Aufbewahrung",
            "control": "Nachweisfrist und Löschfristen je Zweck dokumentieren; abgelaufene Rohdaten aggregieren oder löschen."
        }
    ],
    "storage_controls": [
        {
            "id": "minimize",
            "label": "Daten minimieren",
            "action": "Klartext-IP, User-Agent und Personenkennung vermeiden; Hash/Salt und kurze Fristen verwenden."
        },
        {
            "id": "versioning",
            "label": "Versionen speichern",
            "action": "Banner-, Policy-, Kategorie- und Anbieterregister-Version bei jeder Entscheidung speichern."
        },
        {
            "id": "withdrawal",
            "label": "Widerruf aktiv synchronisieren",
            "action": "Widerruf an Tag Manager, CMP, Analytics, Ads und CRM weitergeben und Synchronisierung protokollieren."
        },
        {
            "id": "retention",
            "label": "Löschfrist festlegen",
            "action": "Nachweisfrist, Zweckende, erneute Einwilligung und DSAR-Löschung als Löschtrigger definieren."
        },
        {
            "id": "access",
            "label": "Zugriff beschränken",
            "action": "Ledger nur für Datenschutz/Compliance/IT freigeben; Exportzugriffe protokollieren."
        }
    ],
    "snippets": [
        {
            "id": "sql_table",
            "label": "SQL Ledger Tabelle",
            "placement": "Backend-Datenbank oder Consent-Service",
            "code": "CREATE TABLE consent_ledger_kinderregion_ch (\n  consent_id text PRIMARY KEY,\n  subject_key_hash text NOT NULL,\n  domain text NOT NULL,\n  region text NOT NULL,\n  banner_version text NOT NULL,\n  policy_version text NOT NULL,\n  action text NOT NULL CHECK (action IN ('accept','reject','save','withdraw','gpc')),\n  categories_json jsonb NOT NULL,\n  services_json jsonb NOT NULL DEFAULT '{}'::jsonb,\n  gpc_signal boolean NOT NULL DEFAULT false,\n  ip_hash text,\n  user_agent_hash text,\n  evidence_ref text,\n  created_at timestamptz NOT NULL DEFAULT now(),\n  expires_at timestamptz\n);\nCREATE INDEX consent_ledger_kinderregion_ch_subject_idx ON consent_ledger_kinderregion_ch (subject_key_hash, created_at DESC);"
        },
        {
            "id": "browser_event",
            "label": "Browser Event Bridge",
            "placement": "Nach Banner-Entscheidung, serverseitig validieren",
            "code": "window.addEventListener('saferpage-consent-update', function (event) {\n  fetch('/privacy/consent-ledger', {\n    method: 'POST',\n    headers: {'Content-Type': 'application/json'},\n    credentials: 'same-origin',\n    body: JSON.stringify({\n      domain: 'kinderregion.ch',\n      banner_version: 'v1',\n      policy_version: 'privacy-notice-current',\n      action: 'save',\n      categories: event.detail,\n      evidence_ref: window.location.href\n    })\n  });\n});"
        }
    ],
    "links": {
        "ledger_center": "https://saferpage.de/consent-ledger/kinderregion.ch",
        "json": "https://saferpage.de/consent-ledger/kinderregion.ch/export",
        "csv": "https://saferpage.de/consent-ledger/kinderregion.ch/export-csv",
        "markdown": "https://saferpage.de/consent-ledger/kinderregion.ch/runbook-md",
        "transactions_jsonl": "https://saferpage.de/consent-ledger/kinderregion.ch/transactions-jsonl",
        "banner_template": "https://saferpage.de/consent-banner/kinderregion.ch",
        "consent_region": "https://saferpage.de/consent-region/kinderregion.ch",
        "consent_center": "https://saferpage.de/consent/kinderregion.ch",
        "consent_journey": "https://saferpage.de/consent-journey/kinderregion.ch",
        "consent_mode": "https://saferpage.de/consent-mode/kinderregion.ch",
        "operator_board": "https://saferpage.de/betreiber/kinderregion.ch",
        "report": "https://saferpage.de/kinderregion.ch"
    },
    "sources": [
        {
            "title": "iubenda Consent Database",
            "url": "https://www.iubenda.com/privacy-policy/252372/cookie-policy.pdf",
            "note": "Orientierung für Consent-Datenbank als Nachweisfunktion."
        },
        {
            "title": "OneTrust Privacy Operations",
            "url": "https://www.onetrust.com/products/privacy-operations/",
            "note": "Orientierung für Workflows, Risk Mitigation und Privacy Operations."
        },
        {
            "title": "Cookiebot scan reports",
            "url": "https://support.cookiebot.com/hc/en-us/articles/5007079527580-Understanding-the-scan-report",
            "note": "Orientierung für wiederkehrende Scan- und Report-Nachweise."
        }
    ],
    "disclaimer": "Der Ledger-Blueprint ist eine technische Betreiber-Vorlage. Rechtsgrundlage, Speicherfrist, Zugriffsschutz und Integration in CMP/Backend müssen fachlich freigegeben werden."
}
