{
    "schema": "https://saferpage.de/schemas/consent-ledger-readiness.v1",
    "generated_at": "2026-07-01T04:20:05+00:00",
    "domain": "ticketing-palazzo.de",
    "available": true,
    "scan": {
        "id": "bcace16b-c680-421a-9288-06dc6a28e0c4",
        "checked_at": "2026-07-01 01:12:52.014597+02"
    },
    "summary": "ticketing-palazzo.de: Consent-Ledger-Blueprint mit 14 Datenfeldern, 7 Ereignissen, 7 Log-Zeilen und 6 Kategorien für auditierbare Einwilligungsnachweise.",
    "score": 60,
    "categories": [
        {
            "id": "notwendig",
            "label": "Notwendig",
            "consent_mode_key": "security_storage",
            "default_state": "granted",
            "requires_ledger": true,
            "evidence": "Notwendige Dienste getrennt von optionalen Einwilligungen speichern."
        },
        {
            "id": "statistik",
            "label": "Statistik",
            "consent_mode_key": "analytics_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "0 Akzeptieren-Control(s), Consent-Zustände getrennt protokollieren."
        },
        {
            "id": "marketing",
            "label": "Marketing / Tracking",
            "consent_mode_key": "ad_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "0 Tracking-Cookie(s) vor Consent, 0 datenschutzrelevante Drittanbieter."
        },
        {
            "id": "externe_medien",
            "label": "Externe Medien",
            "consent_mode_key": "functionality_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "Kategorie als Consent-Ledger-Schlüssel vorbereiten."
        },
        {
            "id": "komfort",
            "label": "Komfort",
            "consent_mode_key": "functionality_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "Kategorie als Consent-Ledger-Schlüssel vorbereiten."
        },
        {
            "id": "unklar",
            "label": "Unklar / blockieren",
            "consent_mode_key": "functionality_storage",
            "default_state": "denied",
            "requires_ledger": true,
            "evidence": "Kategorie als Consent-Ledger-Schlüssel vorbereiten."
        }
    ],
    "events": [
        {
            "id": "banner_shown",
            "label": "Banner angezeigt",
            "trigger": "Erstaufruf ohne gespeicherte Entscheidung",
            "required_fields": [
                "domain",
                "banner_version",
                "policy_version",
                "region",
                "created_at"
            ],
            "evidence": "Belegt, welche Version Nutzer gesehen haben."
        },
        {
            "id": "consent_saved",
            "label": "Einwilligung gespeichert",
            "trigger": "Nutzer klickt Akzeptieren oder speichert Kategorien",
            "required_fields": [
                "consent_id",
                "categories",
                "services",
                "action",
                "created_at"
            ],
            "evidence": "Zentrale Nachweiszeile für aktive Einwilligung."
        },
        {
            "id": "consent_rejected",
            "label": "Ablehnung gespeichert",
            "trigger": "Nutzer klickt Ablehnen",
            "required_fields": [
                "consent_id",
                "categories",
                "action",
                "created_at"
            ],
            "evidence": "Ablehnen muss genauso auditierbar sein wie Akzeptieren."
        },
        {
            "id": "consent_withdrawn",
            "label": "Widerruf gespeichert",
            "trigger": "Privacy-Trigger oder Preference Center ändert Entscheidung",
            "required_fields": [
                "previous_consent_id",
                "withdrawn_at",
                "categories",
                "source"
            ],
            "evidence": "Widerruf überschreibt Downstream-Zustände und muss nachvollziehbar bleiben."
        },
        {
            "id": "gpc_seen",
            "label": "GPC-Signal berücksichtigt",
            "trigger": "Browser sendet Global Privacy Control",
            "required_fields": [
                "gpc_signal",
                "region",
                "action",
                "created_at"
            ],
            "evidence": "0 Datenschutz-Domain(s) im GPC-Kontext."
        },
        {
            "id": "vendor_sync",
            "label": "Downstream-Sync",
            "trigger": "Tag Manager, Analytics, Ads, CRM oder CMP erhält Status",
            "required_fields": [
                "destination",
                "categories",
                "sync_status",
                "created_at"
            ],
            "evidence": "0 datenschutzrelevante Browserkontakt(e) aus dem Scan."
        },
        {
            "id": "rescan_evidence",
            "label": "Re-Scan-Nachweis",
            "trigger": "Nach Ihrer Änderung erneut prüfen",
            "required_fields": [
                "scan_id",
                "checked_at",
                "result_url",
                "evidence_hash"
            ],
            "evidence": "Verbindet Betreiberentscheidung mit technischer Scan-Evidenz."
        }
    ],
    "fields": [
        {
            "field": "consent_id",
            "type": "uuid/string",
            "purpose": "Eindeutiger Nachweisdatensatz",
            "privacy_note": "Nicht als Klartext-Personenkennung verwenden."
        },
        {
            "field": "subject_key_hash",
            "type": "sha256/string",
            "purpose": "Wiedererkennung ohne Klartext-ID",
            "privacy_note": "Salt/Rotation und Zugriffsschutz dokumentieren."
        },
        {
            "field": "domain",
            "type": "string",
            "purpose": "Betroffene Website",
            "privacy_note": "Mandanten-/Domain-Trennung erzwingen."
        },
        {
            "field": "region",
            "type": "string",
            "purpose": "DE/EU/CH/AT oder CMP-Region",
            "privacy_note": "Regelbasiertes Verhalten nachvollziehbar machen."
        },
        {
            "field": "banner_version",
            "type": "string",
            "purpose": "Version der Consent-Oberfläche",
            "privacy_note": "Bei Text-/Layoutänderung erhöhen."
        },
        {
            "field": "policy_version",
            "type": "string",
            "purpose": "Datenschutz-/Cookie-Hinweis-Version",
            "privacy_note": "Mit veröffentlichtem Hinweis und Datum verbinden."
        },
        {
            "field": "categories_json",
            "type": "json",
            "purpose": "Status je Kategorie",
            "privacy_note": "Nur notwendige Kategorien speichern."
        },
        {
            "field": "services_json",
            "type": "json",
            "purpose": "Optionaler Status je Dienst",
            "privacy_note": "Dienste aus Anbieterregister synchronisieren."
        },
        {
            "field": "action",
            "type": "enum",
            "purpose": "accept, reject, save, withdraw, gpc",
            "privacy_note": "Ablehnung und Widerruf gleichwertig protokollieren."
        },
        {
            "field": "ip_hash",
            "type": "string/null",
            "purpose": "Missbrauchs-/Nachweisbezug",
            "privacy_note": "Klartext-IP vermeiden; Speicherfrist begrenzen."
        },
        {
            "field": "user_agent_hash",
            "type": "string/null",
            "purpose": "Technischer Kontext",
            "privacy_note": "Nicht für Tracking oder Profiling verwenden."
        },
        {
            "field": "evidence_ref",
            "type": "string",
            "purpose": "Verweis auf Scan, Screenshot oder Export",
            "privacy_note": "Keine sensiblen Rohdaten in öffentliche Exporte schreiben."
        },
        {
            "field": "created_at",
            "type": "datetime",
            "purpose": "Zeitpunkt der Entscheidung",
            "privacy_note": "Zeitzone und Serverzeit stabil halten."
        },
        {
            "field": "expires_at",
            "type": "datetime/null",
            "purpose": "Review-/Ablauffrist",
            "privacy_note": "Regelmäßige Erneuerung und Löschung planen."
        }
    ],
    "transaction_log_template": [
        {
            "transaction_id": "c3810cf61f4c73b0c84b6282",
            "domain": "ticketing-palazzo.de",
            "scan_id": "bcace16b-c680-421a-9288-06dc6a28e0c4",
            "event_id": "banner_shown",
            "label": "Banner angezeigt",
            "action": "show",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/ticketing-palazzo.de/export",
            "created_at": "2026-06-30T23:12:52+00:00",
            "required_fields": [
                "domain",
                "banner_version",
                "policy_version",
                "region",
                "created_at"
            ],
            "previous_hash": "a5600345e9f9e57ae5228d5d2847b442e8f54ad6c65b46231597ef31c4b3e414",
            "row_hash": "c51918ee955c987382279ebf13cecb1c3cc71a0bc48f662e0492a508fcd8028d"
        },
        {
            "transaction_id": "f530c8e840fcd0987282bdec",
            "domain": "ticketing-palazzo.de",
            "scan_id": "bcace16b-c680-421a-9288-06dc6a28e0c4",
            "event_id": "consent_saved",
            "label": "Einwilligung gespeichert",
            "action": "accept_or_save",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "granted_if_selected",
                "marketing": "granted_if_selected"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/ticketing-palazzo.de/export",
            "created_at": "2026-06-30T23:13:52+00:00",
            "required_fields": [
                "consent_id",
                "categories",
                "services",
                "action",
                "created_at"
            ],
            "previous_hash": "c51918ee955c987382279ebf13cecb1c3cc71a0bc48f662e0492a508fcd8028d",
            "row_hash": "399f3f4b29c7428d8dd144939a07505eb1be8d49d62e7944555f4c69ddac67ff"
        },
        {
            "transaction_id": "01b755f0ceedd4fbc4245179",
            "domain": "ticketing-palazzo.de",
            "scan_id": "bcace16b-c680-421a-9288-06dc6a28e0c4",
            "event_id": "consent_rejected",
            "label": "Ablehnung gespeichert",
            "action": "reject",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/ticketing-palazzo.de/export",
            "created_at": "2026-06-30T23:14:52+00:00",
            "required_fields": [
                "consent_id",
                "categories",
                "action",
                "created_at"
            ],
            "previous_hash": "399f3f4b29c7428d8dd144939a07505eb1be8d49d62e7944555f4c69ddac67ff",
            "row_hash": "633a5437ddb8668a28286754ef0f1240d30d48f6355b0faf83a2d22391ae0408"
        },
        {
            "transaction_id": "39a3a69aea70b392602ba946",
            "domain": "ticketing-palazzo.de",
            "scan_id": "bcace16b-c680-421a-9288-06dc6a28e0c4",
            "event_id": "consent_withdrawn",
            "label": "Widerruf gespeichert",
            "action": "withdraw",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/ticketing-palazzo.de/export",
            "created_at": "2026-06-30T23:15:52+00:00",
            "required_fields": [
                "previous_consent_id",
                "withdrawn_at",
                "categories",
                "source"
            ],
            "previous_hash": "633a5437ddb8668a28286754ef0f1240d30d48f6355b0faf83a2d22391ae0408",
            "row_hash": "ac7004e18649bf8b78349cdec28d45d255b3b428d70f4e518d8c1e91303b81f0"
        },
        {
            "transaction_id": "056e1fcc67263e51358b99de",
            "domain": "ticketing-palazzo.de",
            "scan_id": "bcace16b-c680-421a-9288-06dc6a28e0c4",
            "event_id": "gpc_seen",
            "label": "GPC-Signal berücksichtigt",
            "action": "gpc",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/ticketing-palazzo.de/export",
            "created_at": "2026-06-30T23:16:52+00:00",
            "required_fields": [
                "gpc_signal",
                "region",
                "action",
                "created_at"
            ],
            "previous_hash": "ac7004e18649bf8b78349cdec28d45d255b3b428d70f4e518d8c1e91303b81f0",
            "row_hash": "db369151f0a79277d48aa4409618e54ef9ee930d8a4210e2801297db4c2bd11a"
        },
        {
            "transaction_id": "6f46ed12e3081d9a29cb3375",
            "domain": "ticketing-palazzo.de",
            "scan_id": "bcace16b-c680-421a-9288-06dc6a28e0c4",
            "event_id": "vendor_sync",
            "label": "Downstream-Sync",
            "action": "sync",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "granted_if_selected",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/ticketing-palazzo.de/export",
            "created_at": "2026-06-30T23:17:52+00:00",
            "required_fields": [
                "destination",
                "categories",
                "sync_status",
                "created_at"
            ],
            "previous_hash": "db369151f0a79277d48aa4409618e54ef9ee930d8a4210e2801297db4c2bd11a",
            "row_hash": "9ca38bfc6c2c1d366d813236ef8fa8d0c29bccc94d0c3e5a034fb1315e968390"
        },
        {
            "transaction_id": "68146931ccae9f1cc5885f57",
            "domain": "ticketing-palazzo.de",
            "scan_id": "bcace16b-c680-421a-9288-06dc6a28e0c4",
            "event_id": "rescan_evidence",
            "label": "Re-Scan-Nachweis",
            "action": "rescan",
            "region": "DE/EU",
            "subject_key_hash": "sha256:template-not-a-user-id",
            "categories": {
                "notwendig": "granted",
                "statistik": "denied_until_choice",
                "marketing": "denied"
            },
            "services": "aus Anbieterregister synchronisieren",
            "evidence_ref": "https://saferpage.de/nachweise/ticketing-palazzo.de/export",
            "created_at": "2026-06-30T23:18:52+00:00",
            "required_fields": [
                "scan_id",
                "checked_at",
                "result_url",
                "evidence_hash"
            ],
            "previous_hash": "9ca38bfc6c2c1d366d813236ef8fa8d0c29bccc94d0c3e5a034fb1315e968390",
            "row_hash": "2a83d11acb824f484bff1f288d69a77c16f7476efc68951e34015a82b00bcd3d"
        }
    ],
    "log_export_controls": [
        {
            "id": "domain_period",
            "label": "Domain und Zeitraum",
            "control": "Export immer nach Domain, Zeitraum und Rechtsraum filtern; keine domainübergreifenden Rohlogs ohne Zweckfreigabe."
        },
        {
            "id": "pseudonymization",
            "label": "Pseudonymisierung",
            "control": "Subject-, IP- und User-Agent-Bezug nur gehasht und mit Zugriffsschutz exportieren."
        },
        {
            "id": "hash_chain",
            "label": "Hashkette",
            "control": "Jede Zeile enthält previous_hash und row_hash, damit nachträgliche Änderungen auffallen."
        },
        {
            "id": "dsar_scope",
            "label": "Betroffenenrechte",
            "control": "DSAR-Export trennt Nachweiszweck, technische Logs und Lösch-/Sperrentscheidungen."
        },
        {
            "id": "retention_window",
            "label": "Aufbewahrung",
            "control": "Nachweisfrist und Löschfristen je Zweck dokumentieren; abgelaufene Rohdaten aggregieren oder löschen."
        }
    ],
    "storage_controls": [
        {
            "id": "minimize",
            "label": "Daten minimieren",
            "action": "Klartext-IP, User-Agent und Personenkennung vermeiden; Hash/Salt und kurze Fristen verwenden."
        },
        {
            "id": "versioning",
            "label": "Versionen speichern",
            "action": "Banner-, Policy-, Kategorie- und Anbieterregister-Version bei jeder Entscheidung speichern."
        },
        {
            "id": "withdrawal",
            "label": "Widerruf aktiv synchronisieren",
            "action": "Widerruf an Tag Manager, CMP, Analytics, Ads und CRM weitergeben und Synchronisierung protokollieren."
        },
        {
            "id": "retention",
            "label": "Löschfrist festlegen",
            "action": "Nachweisfrist, Zweckende, erneute Einwilligung und DSAR-Löschung als Löschtrigger definieren."
        },
        {
            "id": "access",
            "label": "Zugriff beschränken",
            "action": "Ledger nur für Datenschutz/Compliance/IT freigeben; Exportzugriffe protokollieren."
        }
    ],
    "snippets": [
        {
            "id": "sql_table",
            "label": "SQL Ledger Tabelle",
            "placement": "Backend-Datenbank oder Consent-Service",
            "code": "CREATE TABLE consent_ledger_ticketing_palazzo_de (\n  consent_id text PRIMARY KEY,\n  subject_key_hash text NOT NULL,\n  domain text NOT NULL,\n  region text NOT NULL,\n  banner_version text NOT NULL,\n  policy_version text NOT NULL,\n  action text NOT NULL CHECK (action IN ('accept','reject','save','withdraw','gpc')),\n  categories_json jsonb NOT NULL,\n  services_json jsonb NOT NULL DEFAULT '{}'::jsonb,\n  gpc_signal boolean NOT NULL DEFAULT false,\n  ip_hash text,\n  user_agent_hash text,\n  evidence_ref text,\n  created_at timestamptz NOT NULL DEFAULT now(),\n  expires_at timestamptz\n);\nCREATE INDEX consent_ledger_ticketing_palazzo_de_subject_idx ON consent_ledger_ticketing_palazzo_de (subject_key_hash, created_at DESC);"
        },
        {
            "id": "browser_event",
            "label": "Browser Event Bridge",
            "placement": "Nach Banner-Entscheidung, serverseitig validieren",
            "code": "window.addEventListener('saferpage-consent-update', function (event) {\n  fetch('/privacy/consent-ledger', {\n    method: 'POST',\n    headers: {'Content-Type': 'application/json'},\n    credentials: 'same-origin',\n    body: JSON.stringify({\n      domain: 'ticketing-palazzo.de',\n      banner_version: 'v1',\n      policy_version: 'privacy-notice-current',\n      action: 'save',\n      categories: event.detail,\n      evidence_ref: window.location.href\n    })\n  });\n});"
        }
    ],
    "links": {
        "ledger_center": "https://saferpage.de/consent-ledger/ticketing-palazzo.de",
        "json": "https://saferpage.de/consent-ledger/ticketing-palazzo.de/export",
        "csv": "https://saferpage.de/consent-ledger/ticketing-palazzo.de/export-csv",
        "markdown": "https://saferpage.de/consent-ledger/ticketing-palazzo.de/runbook-md",
        "transactions_jsonl": "https://saferpage.de/consent-ledger/ticketing-palazzo.de/transactions-jsonl",
        "banner_template": "https://saferpage.de/consent-banner/ticketing-palazzo.de",
        "consent_region": "https://saferpage.de/consent-region/ticketing-palazzo.de",
        "consent_center": "https://saferpage.de/consent/ticketing-palazzo.de",
        "consent_journey": "https://saferpage.de/consent-journey/ticketing-palazzo.de",
        "consent_mode": "https://saferpage.de/consent-mode/ticketing-palazzo.de",
        "operator_board": "https://saferpage.de/betreiber/ticketing-palazzo.de",
        "report": "https://saferpage.de/ticketing-palazzo.de"
    },
    "sources": [
        {
            "title": "iubenda Consent Database",
            "url": "https://www.iubenda.com/privacy-policy/252372/cookie-policy.pdf",
            "note": "Orientierung für Consent-Datenbank als Nachweisfunktion."
        },
        {
            "title": "OneTrust Privacy Operations",
            "url": "https://www.onetrust.com/products/privacy-operations/",
            "note": "Orientierung für Workflows, Risk Mitigation und Privacy Operations."
        },
        {
            "title": "Cookiebot scan reports",
            "url": "https://support.cookiebot.com/hc/en-us/articles/5007079527580-Understanding-the-scan-report",
            "note": "Orientierung für wiederkehrende Scan- und Report-Nachweise."
        }
    ],
    "disclaimer": "Der Ledger-Blueprint ist eine technische Betreiber-Vorlage. Rechtsgrundlage, Speicherfrist, Zugriffsschutz und Integration in CMP/Backend müssen fachlich freigegeben werden."
}
