{
    "schema": "https://saferpage.de/schemas/consent-ledger-readiness.v1",
    "generated_at": "2026-07-02T23:35:51+00:00",
    "domain": "mosmosh.de",
    "available": true,
    "scan": {
        "id": "658cca42-d3a3-4c26-864b-6fdaa13ceb45",
        "checked_at": "2026-07-02 16:07:49.579437+02"
    },
    "summary": "mosmosh.de: Consent-Ledger-Blueprint mit 14 Datenfeldern, 7 Ereignissen, 7 Log-Zeilen und 6 Kategorien für auditierbare Einwilligungsnachweise.",
    "score": 60,
    "categories": [
        {
            "id": "notwendig",
            "label": "Notwendig",
            "consent_mode_key": "security_storage",
            "default_state": "granted",
            "requires_ledger": true,
            "evidence": "Notwendige Dienste getrennt von optionalen Einwilligungen speichern."
        },
        {
            "id": "statistik",
            "label": "Statistik",
            "consent_mode_key": "analytics_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "1 Akzeptieren-Control(s), Consent-Zustände getrennt protokollieren."
        },
        {
            "id": "marketing",
            "label": "Marketing / Tracking",
            "consent_mode_key": "ad_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "0 Tracking-Cookie(s) vor Consent, 0 datenschutzrelevante Drittanbieter."
        },
        {
            "id": "externe_medien",
            "label": "Externe Medien",
            "consent_mode_key": "functionality_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "Kategorie als Consent-Ledger-Schlüssel vorbereiten."
        },
        {
            "id": "komfort",
            "label": "Komfort",
            "consent_mode_key": "functionality_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "Kategorie als Consent-Ledger-Schlüssel vorbereiten."
        },
        {
            "id": "unklar",
            "label": "Unklar / blockieren",
            "consent_mode_key": "functionality_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "Kategorie als Consent-Ledger-Schlüssel vorbereiten."
        }
    ],
    "events": [
        {
            "id": "banner_shown",
            "label": "Banner angezeigt",
            "trigger": "Erstaufruf ohne gespeicherte Entscheidung",
            "required_fields": [
                "domain",
                "banner_version",
                "policy_version",
                "region",
                "created_at"
            ],
            "evidence": "Belegt, welche Version Nutzer gesehen haben."
        },
        {
            "id": "consent_saved",
            "label": "Einwilligung gespeichert",
            "trigger": "Nutzer klickt Akzeptieren oder speichert Kategorien",
            "required_fields": [
                "consent_id",
                "categories",
                "services",
                "action",
                "created_at"
            ],
            "evidence": "Zentrale Nachweiszeile für aktive Einwilligung."
        },
        {
            "id": "consent_rejected",
            "label": "Ablehnung gespeichert",
            "trigger": "Nutzer klickt Ablehnen",
            "required_fields": [
                "consent_id",
                "categories",
                "action",
                "created_at"
            ],
            "evidence": "Ablehnen muss genauso auditierbar sein wie Akzeptieren."
        },
        {
            "id": "consent_withdrawn",
            "label": "Widerruf gespeichert",
            "trigger": "Privacy-Trigger oder Preference Center ändert Entscheidung",
            "required_fields": [
                "previous_consent_id",
                "withdrawn_at",
                "categories",
                "source"
            ],
            "evidence": "Widerruf überschreibt Downstream-Zustände und muss nachvollziehbar bleiben."
        },
        {
            "id": "gpc_seen",
            "label": "GPC-Signal berücksichtigt",
            "trigger": "Browser sendet Global Privacy Control",
            "required_fields": [
                "gpc_signal",
                "region",
                "action",
                "created_at"
            ],
            "evidence": "0 Datenschutz-Domain(s) im GPC-Kontext."
        },
        {
            "id": "vendor_sync",
            "label": "Downstream-Sync",
            "trigger": "Tag Manager, Analytics, Ads, CRM oder CMP erhält Status",
            "required_fields": [
                "destination",
                "categories",
                "sync_status",
                "created_at"
            ],
            "evidence": "1 datenschutzrelevante Browserkontakt(e) aus dem Scan."
        },
        {
            "id": "rescan_evidence",
            "label": "Re-Scan-Nachweis",
            "trigger": "Nach Ihrer Änderung erneut prüfen",
            "required_fields": [
                "scan_id",
                "checked_at",
                "result_url",
                "evidence_hash"
            ],
            "evidence": "Verbindet Betreiberentscheidung mit technischer Scan-Evidenz."
        }
    ],
    "fields": [
        {
            "field": "consent_id",
            "type": "uuid/string",
            "purpose": "Eindeutiger Nachweisdatensatz",
            "privacy_note": "Nicht als Klartext-Personenkennung verwenden."
        },
        {
            "field": "subject_key_hash",
            "type": "sha256/string",
            "purpose": "Wiedererkennung ohne Klartext-ID",
            "privacy_note": "Salt/Rotation und Zugriffsschutz dokumentieren."
        },
        {
            "field": "domain",
            "type": "string",
            "purpose": "Betroffene Website",
            "privacy_note": "Mandanten-/Domain-Trennung erzwingen."
        },
        {
            "field": "region",
            "type": "string",
            "purpose": "DE/EU/CH/AT oder CMP-Region",
            "privacy_note": "Regelbasiertes Verhalten nachvollziehbar machen."
        },
        {
            "field": "banner_version",
            "type": "string",
            "purpose": "Version der Consent-Oberfläche",
            "privacy_note": "Bei Text-/Layoutänderung erhöhen."
        },
        {
            "field": "policy_version",
            "type": "string",
            "purpose": "Datenschutz-/Cookie-Hinweis-Version",
            "privacy_note": "Mit veröffentlichtem Hinweis und Datum verbinden."
        },
        {
            "field": "categories_json",
            "type": "json",
            "purpose": "Status je Kategorie",
            "privacy_note": "Nur notwendige Kategorien speichern."
        },
        {
            "field": "services_json",
            "type": "json",
            "purpose": "Optionaler Status je Dienst",
            "privacy_note": "Dienste aus Anbieterregister synchronisieren."
        },
        {
            "field": "action",
            "type": "enum",
            "purpose": "accept, reject, save, withdraw, gpc",
            "privacy_note": "Ablehnung und Widerruf gleichwertig protokollieren."
        },
        {
            "field": "ip_hash",
            "type": "string/null",
            "purpose": "Missbrauchs-/Nachweisbezug",
            "privacy_note": "Klartext-IP vermeiden; Speicherfrist begrenzen."
        },
        {
            "field": "user_agent_hash",
            "type": "string/null",
            "purpose": "Technischer Kontext",
            "privacy_note": "Nicht für Tracking oder Profiling verwenden."
        },
        {
            "field": "evidence_ref",
            "type": "string",
            "purpose": "Verweis auf Scan, Screenshot oder Export",
            "privacy_note": "Keine sensiblen Rohdaten in öffentliche Exporte schreiben."
        },
        {
            "field": "created_at",
            "type": "datetime",
            "purpose": "Zeitpunkt der Entscheidung",
            "privacy_note": "Zeitzone und Serverzeit stabil halten."
        },
        {
            "field": "expires_at",
            "type": "datetime/null",
            "purpose": "Review-/Ablauffrist",
            "privacy_note": "Regelmäßige Erneuerung und Löschung planen."
        }
    ],
    "transaction_log_template": [
        {
            "transaction_id": "71050462ecfc2c8b2b44b8ea",
            "domain": "mosmosh.de",
            "scan_id": "658cca42-d3a3-4c26-864b-6fdaa13ceb45",
            "event_id": "banner_shown",
            "label": "Banner angezeigt",
            "action": "show",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/mosmosh.de/export",
            "created_at": "2026-07-02T14:07:49+00:00",
            "required_fields": [
                "domain",
                "banner_version",
                "policy_version",
                "region",
                "created_at"
            ],
            "previous_hash": "c5dded9e563a1ef3a634dfd91ba44854f9864d6793869923d9a02c663a044c52",
            "row_hash": "909fd470251d60092ff4337162ea103080495b8b1058c0858554f7c9b69bd855"
        },
        {
            "transaction_id": "67ff91e2a0c9cebca3c3b7cd",
            "domain": "mosmosh.de",
            "scan_id": "658cca42-d3a3-4c26-864b-6fdaa13ceb45",
            "event_id": "consent_saved",
            "label": "Einwilligung gespeichert",
            "action": "accept_or_save",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "granted_if_selected",
                "marketing": "granted_if_selected"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/mosmosh.de/export",
            "created_at": "2026-07-02T14:08:49+00:00",
            "required_fields": [
                "consent_id",
                "categories",
                "services",
                "action",
                "created_at"
            ],
            "previous_hash": "909fd470251d60092ff4337162ea103080495b8b1058c0858554f7c9b69bd855",
            "row_hash": "e632bf0b8c75461e0f80e66ded561a289f004be52dbc9a3df293350f3559127a"
        },
        {
            "transaction_id": "05ea5f440856a38696c23698",
            "domain": "mosmosh.de",
            "scan_id": "658cca42-d3a3-4c26-864b-6fdaa13ceb45",
            "event_id": "consent_rejected",
            "label": "Ablehnung gespeichert",
            "action": "reject",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/mosmosh.de/export",
            "created_at": "2026-07-02T14:09:49+00:00",
            "required_fields": [
                "consent_id",
                "categories",
                "action",
                "created_at"
            ],
            "previous_hash": "e632bf0b8c75461e0f80e66ded561a289f004be52dbc9a3df293350f3559127a",
            "row_hash": "fa62f54d2cced6b4c79e4b1cb7606f603226d24900347dc73bd052566f1db0fb"
        },
        {
            "transaction_id": "9f8daa4b0de8e933605388e8",
            "domain": "mosmosh.de",
            "scan_id": "658cca42-d3a3-4c26-864b-6fdaa13ceb45",
            "event_id": "consent_withdrawn",
            "label": "Widerruf gespeichert",
            "action": "withdraw",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/mosmosh.de/export",
            "created_at": "2026-07-02T14:10:49+00:00",
            "required_fields": [
                "previous_consent_id",
                "withdrawn_at",
                "categories",
                "source"
            ],
            "previous_hash": "fa62f54d2cced6b4c79e4b1cb7606f603226d24900347dc73bd052566f1db0fb",
            "row_hash": "e7e97ae23bcaa576717759c42c64f2ab4049dc0a5a820a6d2f272f3933866422"
        },
        {
            "transaction_id": "b99411064a255bc2bdc591a6",
            "domain": "mosmosh.de",
            "scan_id": "658cca42-d3a3-4c26-864b-6fdaa13ceb45",
            "event_id": "gpc_seen",
            "label": "GPC-Signal berücksichtigt",
            "action": "gpc",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/mosmosh.de/export",
            "created_at": "2026-07-02T14:11:49+00:00",
            "required_fields": [
                "gpc_signal",
                "region",
                "action",
                "created_at"
            ],
            "previous_hash": "e7e97ae23bcaa576717759c42c64f2ab4049dc0a5a820a6d2f272f3933866422",
            "row_hash": "2e7f2c3adf613d1297c06179251579933db1eec7d1667324f4f9db202ca4e4fd"
        },
        {
            "transaction_id": "d73a1e692b52c2f4b4b2b926",
            "domain": "mosmosh.de",
            "scan_id": "658cca42-d3a3-4c26-864b-6fdaa13ceb45",
            "event_id": "vendor_sync",
            "label": "Downstream-Sync",
            "action": "sync",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "granted_if_selected",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/mosmosh.de/export",
            "created_at": "2026-07-02T14:12:49+00:00",
            "required_fields": [
                "destination",
                "categories",
                "sync_status",
                "created_at"
            ],
            "previous_hash": "2e7f2c3adf613d1297c06179251579933db1eec7d1667324f4f9db202ca4e4fd",
            "row_hash": "d8c9daf649102f477fac3d6f052f55e4ff1ade568af883f232be0cb72e5d5875"
        },
        {
            "transaction_id": "6bb2df3088efaa254a5f27a0",
            "domain": "mosmosh.de",
            "scan_id": "658cca42-d3a3-4c26-864b-6fdaa13ceb45",
            "event_id": "rescan_evidence",
            "label": "Re-Scan-Nachweis",
            "action": "rescan",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/mosmosh.de/export",
            "created_at": "2026-07-02T14:13:49+00:00",
            "required_fields": [
                "scan_id",
                "checked_at",
                "result_url",
                "evidence_hash"
            ],
            "previous_hash": "d8c9daf649102f477fac3d6f052f55e4ff1ade568af883f232be0cb72e5d5875",
            "row_hash": "d9450f9ce9cb4baa4678c7aaf6920fde2ca3eb08d1973a62f86d4876023c59f1"
        }
    ],
    "log_export_controls": [
        {
            "id": "domain_period",
            "label": "Domain und Zeitraum",
            "control": "Export immer nach Domain, Zeitraum und Rechtsraum filtern; keine domainübergreifenden Rohlogs ohne Zweckfreigabe."
        },
        {
            "id": "pseudonymization",
            "label": "Pseudonymisierung",
            "control": "Subject-, IP- und User-Agent-Bezug nur gehasht und mit Zugriffsschutz exportieren."
        },
        {
            "id": "hash_chain",
            "label": "Hashkette",
            "control": "Jede Zeile enthält previous_hash und row_hash, damit nachträgliche Änderungen auffallen."
        },
        {
            "id": "dsar_scope",
            "label": "Betroffenenrechte",
            "control": "DSAR-Export trennt Nachweiszweck, technische Logs und Lösch-/Sperrentscheidungen."
        },
        {
            "id": "retention_window",
            "label": "Aufbewahrung",
            "control": "Nachweisfrist und Löschfristen je Zweck dokumentieren; abgelaufene Rohdaten aggregieren oder löschen."
        }
    ],
    "storage_controls": [
        {
            "id": "minimize",
            "label": "Daten minimieren",
            "action": "Klartext-IP, User-Agent und Personenkennung vermeiden; Hash/Salt und kurze Fristen verwenden."
        },
        {
            "id": "versioning",
            "label": "Versionen speichern",
            "action": "Banner-, Policy-, Kategorie- und Anbieterregister-Version bei jeder Entscheidung speichern."
        },
        {
            "id": "withdrawal",
            "label": "Widerruf aktiv synchronisieren",
            "action": "Widerruf an Tag Manager, CMP, Analytics, Ads und CRM weitergeben und Synchronisierung protokollieren."
        },
        {
            "id": "retention",
            "label": "Löschfrist festlegen",
            "action": "Nachweisfrist, Zweckende, erneute Einwilligung und DSAR-Löschung als Löschtrigger definieren."
        },
        {
            "id": "access",
            "label": "Zugriff beschränken",
            "action": "Ledger nur für Datenschutz/Compliance/IT freigeben; Exportzugriffe protokollieren."
        }
    ],
    "snippets": [
        {
            "id": "sql_table",
            "label": "SQL Ledger Tabelle",
            "placement": "Backend-Datenbank oder Consent-Service",
            "code": "CREATE TABLE consent_ledger_mosmosh_de (\n  consent_id text PRIMARY KEY,\n  subject_key_hash text NOT NULL,\n  domain text NOT NULL,\n  region text NOT NULL,\n  banner_version text NOT NULL,\n  policy_version text NOT NULL,\n  action text NOT NULL CHECK (action IN ('accept','reject','save','withdraw','gpc')),\n  categories_json jsonb NOT NULL,\n  services_json jsonb NOT NULL DEFAULT '{}'::jsonb,\n  gpc_signal boolean NOT NULL DEFAULT false,\n  ip_hash text,\n  user_agent_hash text,\n  evidence_ref text,\n  created_at timestamptz NOT NULL DEFAULT now(),\n  expires_at timestamptz\n);\nCREATE INDEX consent_ledger_mosmosh_de_subject_idx ON consent_ledger_mosmosh_de (subject_key_hash, created_at DESC);"
        },
        {
            "id": "browser_event",
            "label": "Browser Event Bridge",
            "placement": "Nach Banner-Entscheidung, serverseitig validieren",
            "code": "window.addEventListener('saferpage-consent-update', function (event) {\n  fetch('/privacy/consent-ledger', {\n    method: 'POST',\n    headers: {'Content-Type': 'application/json'},\n    credentials: 'same-origin',\n    body: JSON.stringify({\n      domain: 'mosmosh.de',\n      banner_version: 'v1',\n      policy_version: 'privacy-notice-current',\n      action: 'save',\n      categories: event.detail,\n      evidence_ref: window.location.href\n    })\n  });\n});"
        }
    ],
    "links": {
        "ledger_center": "https://saferpage.de/consent-ledger/mosmosh.de",
        "json": "https://saferpage.de/consent-ledger/mosmosh.de/export",
        "csv": "https://saferpage.de/consent-ledger/mosmosh.de/export-csv",
        "markdown": "https://saferpage.de/consent-ledger/mosmosh.de/runbook-md",
        "transactions_jsonl": "https://saferpage.de/consent-ledger/mosmosh.de/transactions-jsonl",
        "banner_template": "https://saferpage.de/consent-banner/mosmosh.de",
        "consent_region": "https://saferpage.de/consent-region/mosmosh.de",
        "consent_center": "https://saferpage.de/consent/mosmosh.de",
        "consent_journey": "https://saferpage.de/consent-journey/mosmosh.de",
        "consent_mode": "https://saferpage.de/consent-mode/mosmosh.de",
        "operator_board": "https://saferpage.de/betreiber/mosmosh.de",
        "report": "https://saferpage.de/mosmosh.de"
    },
    "sources": [
        {
            "title": "iubenda Consent Database",
            "url": "https://www.iubenda.com/privacy-policy/252372/cookie-policy.pdf",
            "note": "Orientierung für Consent-Datenbank als Nachweisfunktion."
        },
        {
            "title": "OneTrust Privacy Operations",
            "url": "https://www.onetrust.com/products/privacy-operations/",
            "note": "Orientierung für Workflows, Risk Mitigation und Privacy Operations."
        },
        {
            "title": "Cookiebot scan reports",
            "url": "https://support.cookiebot.com/hc/en-us/articles/5007079527580-Understanding-the-scan-report",
            "note": "Orientierung für wiederkehrende Scan- und Report-Nachweise."
        }
    ],
    "disclaimer": "Der Ledger-Blueprint ist eine technische Betreiber-Vorlage. Rechtsgrundlage, Speicherfrist, Zugriffsschutz und Integration in CMP/Backend müssen fachlich freigegeben werden."
}
