breakpilot-lehrer/admin-lehrer/lib/sdk/einwilligungen/catalog/data-points.yml
Benjamin Boenisch 5a31f52310 Initial commit: breakpilot-lehrer - Lehrer KI Platform
Services: Admin-Lehrer, Backend-Lehrer, Studio v2, Website,
Klausur-Service, School-Service, Voice-Service, Geo-Service,
BreakPilot Drive, Agent-Core

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-11 23:47:26 +01:00


# =============================================================================
# Data point catalog - predefined data points
# =============================================================================
# 28 predefined data points in 8 categories (A-H)
# Compliant with GDPR (DSGVO), AO (Abgabenordnung), HGB (Handelsgesetzbuch)
# =============================================================================
# NOTE(review): every field below is a declaration. Nothing in this file
# enforces the listed retention periods or technical measures; verify each
# entry against the service that actually stores the data.
version: "1.0.0"
last_updated: "2025-02-04"
# =============================================================================
# CATEGORY A: AUTHENTICATION & SESSION
# =============================================================================
data_points:
# ---------------------------------------------------------------------------
# A1: Email address
# ---------------------------------------------------------------------------
# Login identifier and notification address. The only listed recipient is a
# transactional mail provider.
- id: "dp-a1-email"
  code: "A1"
  category: "AUTHENTICATION"
  name_de: "E-Mail-Adresse"
  name_en: "Email Address"
  description_de: "Primaere E-Mail-Adresse des Nutzers fuer Login und Benachrichtigungen"
  description_en: "Primary email address for user login and notifications"
  purpose_de: "Authentifizierung, Kontobenachrichtigungen, Passwort-Wiederherstellung"
  purpose_en: "Authentication, account notifications, password recovery"
  risk_level: "MEDIUM"
  legal_basis: "CONTRACT"
  legal_basis_justification_de: "Erforderlich zur Vertragserfuellung und Bereitstellung des Benutzerkontos"
  legal_basis_justification_en: "Required for contract performance and user account provision"
  retention_period: "UNTIL_ACCOUNT_DELETION"
  retention_justification_de: "Notwendig solange das Konto aktiv ist; Loeschung bei Kontoschliessung"
  retention_justification_en: "Necessary while account is active; deleted upon account closure"
  cookie_category: null
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients:
  - "E-Mail-Dienstleister (Transaktionsmails)"
  # NOTE(review): the address is also the password-recovery channel (see
  # purpose), so "Pseudonymisierung in Logs" should cover recovery and
  # mail-delivery logs as well - confirm.
  technical_measures:
  - "Verschluesselung bei Uebertragung (TLS)"
  - "Pseudonymisierung in Logs"
  - "Zugriffskontrolle"
  tags:
  - "account"
  - "authentication"
  - "contact"
# ---------------------------------------------------------------------------
# A2: Password hash
# ---------------------------------------------------------------------------
# Stored credential verifier; rated HIGH and shared with no third party.
- id: "dp-a2-password"
  code: "A2"
  category: "AUTHENTICATION"
  name_de: "Passwort-Hash"
  name_en: "Password Hash"
  # NOTE(review): the description says "bcrypt/Argon2" and the measures say
  # "bcrypt, Argon2id". The catalog does not state which algorithm or which
  # cost parameters are in use - confirm against the auth service.
  description_de: "Kryptografisch gehashtes Passwort (bcrypt/Argon2)"
  description_en: "Cryptographically hashed password (bcrypt/Argon2)"
  purpose_de: "Sichere Authentifizierung des Nutzers"
  purpose_en: "Secure user authentication"
  risk_level: "HIGH"
  legal_basis: "CONTRACT"
  legal_basis_justification_de: "Erforderlich zur sicheren Bereitstellung des Benutzerkontos"
  legal_basis_justification_en: "Required for secure provision of user account"
  retention_period: "UNTIL_ACCOUNT_DELETION"
  retention_justification_de: "Notwendig solange das Konto aktiv ist"
  retention_justification_en: "Necessary while account is active"
  cookie_category: null
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients: []
  # bcrypt and Argon2 generate and embed a per-hash salt themselves, so
  # "Salting" is a property of the algorithm rather than a separate control.
  technical_measures:
  - "Einweg-Hashing (bcrypt, Argon2id)"
  - "Salting"
  - "Kein Klartext-Speicherung"
  - "Zugriff nur fuer Auth-Service"
  tags:
  - "authentication"
  - "security"
  - "credentials"
# ---------------------------------------------------------------------------
# A3: Session token
# ---------------------------------------------------------------------------
# Bearer credential for the logged-in session, delivered as an essential
# cookie with a declared 24-hour lifetime.
- id: "dp-a3-session"
  code: "A3"
  category: "AUTHENTICATION"
  name_de: "Session-Token"
  name_en: "Session Token"
  description_de: "JWT oder Session-ID zur Aufrechterhaltung der Benutzersitzung"
  description_en: "JWT or Session ID for maintaining user session"
  purpose_de: "Aufrechterhaltung der Benutzersitzung ohne erneute Anmeldung"
  purpose_en: "Maintaining user session without re-authentication"
  risk_level: "MEDIUM"
  legal_basis: "CONTRACT"
  legal_basis_justification_de: "Technisch erforderlich fuer die Nutzung des Dienstes"
  legal_basis_justification_en: "Technically required for service usage"
  retention_period: "24_HOURS"
  retention_justification_de: "Kurze Lebensdauer zur Minimierung des Missbrauchsrisikos"
  retention_justification_en: "Short lifespan to minimize abuse risk"
  cookie_category: "ESSENTIAL"
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients: []
  # "HTTPS-Only Cookie" presumably refers to the cookie Secure attribute.
  # NOTE(review): a signed JWT stays valid until it expires unless the server
  # keeps revocation state. A revocation list is declared for A4 only -
  # confirm how logout and compromise are handled for this token.
  technical_measures:
  - "Signierter JWT"
  - "HTTPS-Only Cookie"
  - "HttpOnly Flag"
  - "SameSite=Strict"
  tags:
  - "authentication"
  - "session"
  - "cookie"
# ---------------------------------------------------------------------------
# A4: Refresh token
# ---------------------------------------------------------------------------
# Long-lived credential (30 days) used to mint new session tokens.
- id: "dp-a4-refresh"
  code: "A4"
  category: "AUTHENTICATION"
  name_de: "Refresh-Token"
  name_en: "Refresh Token"
  description_de: "Langlebiger Token zur Erneuerung des Session-Tokens"
  description_en: "Long-lived token for session token renewal"
  purpose_de: "Erneuerung abgelaufener Session-Tokens ohne erneute Anmeldung"
  purpose_en: "Renewal of expired session tokens without re-authentication"
  # NOTE(review): rated MEDIUM like the 24-hour session token (A3) although
  # this token lives 30 days and can issue new sessions - confirm the rating.
  risk_level: "MEDIUM"
  legal_basis: "CONTRACT"
  legal_basis_justification_de: "Technisch erforderlich fuer nahtlose Benutzererfahrung"
  legal_basis_justification_en: "Technically required for seamless user experience"
  retention_period: "30_DAYS"
  retention_justification_de: "Balance zwischen Benutzerfreundlichkeit und Sicherheit"
  retention_justification_en: "Balance between usability and security"
  cookie_category: "ESSENTIAL"
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients: []
  # NOTE(review): "Sichere Speicherung" does not say where or how the token is
  # stored. cookie_category is ESSENTIAL, but unlike A3 no cookie attributes
  # (Secure, HttpOnly, SameSite) are listed - confirm.
  technical_measures:
  - "Rotation bei Verwendung"
  - "Sichere Speicherung"
  - "Token-Widerrufsliste"
  tags:
  - "authentication"
  - "session"
  - "token"
# ---------------------------------------------------------------------------
# A5: OAuth provider ID
# ---------------------------------------------------------------------------
# Identifier that links the local account to an external login provider.
- id: "dp-a5-oauth"
  code: "A5"
  category: "AUTHENTICATION"
  name_de: "OAuth-Provider-ID"
  name_en: "OAuth Provider ID"
  description_de: "Eindeutige ID des externen Authentifizierungsanbieters"
  description_en: "Unique ID from external authentication provider"
  purpose_de: "Verknuepfung mit externem Login-Anbieter (Google, Microsoft, etc.)"
  purpose_en: "Linking with external login provider (Google, Microsoft, etc.)"
  risk_level: "LOW"
  legal_basis: "CONTRACT"
  legal_basis_justification_de: "Erforderlich wenn Nutzer Social Login waehlt"
  legal_basis_justification_en: "Required when user chooses social login"
  retention_period: "UNTIL_ACCOUNT_DELETION"
  retention_justification_de: "Notwendig solange externe Anmeldung gewuenscht ist"
  retention_justification_en: "Necessary while external login is desired"
  cookie_category: null
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients:
  - "OAuth-Provider (nur ID-Austausch)"
  # NOTE(review): "Kein Zugriff auf Provider-Profildaten" depends on the
  # scopes the application requests - confirm against the OAuth client
  # configuration.
  technical_measures:
  - "Minimale Datenuebernahme"
  - "Kein Zugriff auf Provider-Profildaten"
  tags:
  - "authentication"
  - "oauth"
  - "social-login"
# ===========================================================================
# CATEGORY B: CONSENT & PREFERENCES
# ===========================================================================
# ---------------------------------------------------------------------------
# B1: Consent records
# ---------------------------------------------------------------------------
# Timestamped log of consents, kept as evidence for supervisory authorities.
- id: "dp-b1-consent"
  code: "B1"
  category: "CONSENT"
  name_de: "Consent-Eintraege"
  name_en: "Consent Records"
  description_de: "Protokollierte Einwilligungen des Nutzers mit Zeitstempel"
  description_en: "Recorded user consents with timestamps"
  purpose_de: "Nachweis der Einwilligung gegenueber Aufsichtsbehoerden"
  purpose_en: "Proof of consent to supervisory authorities"
  risk_level: "LOW"
  legal_basis: "LEGAL_OBLIGATION"
  legal_basis_justification_de: "Nachweispflicht nach Art. 7 Abs. 1 DSGVO"
  legal_basis_justification_en: "Accountability obligation under Art. 7(1) GDPR"
  # NOTE(review): the German justification ties the 6 years to the AO while
  # the English one names no statute. The legal basis above is GDPR Art. 7(1);
  # confirm the AO period is the intended source for consent evidence.
  retention_period: "6_YEARS"
  retention_justification_de: "Aufbewahrung fuer Audit-Zwecke (6 Jahre AO)"
  retention_justification_en: "Retention for audit purposes (6 years)"
  cookie_category: "ESSENTIAL"
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients: []
  # Integrity controls: the record is only useful as evidence if it cannot be
  # altered after the fact.
  technical_measures:
  - "Unveraenderbare Protokollierung"
  - "Digitale Signatur"
  - "Versionierung"
  tags:
  - "consent"
  - "compliance"
  - "audit"
# ---------------------------------------------------------------------------
# B2: Cookie preferences
# ---------------------------------------------------------------------------
# The user's cookie-banner decision, stored in a first-party cookie.
- id: "dp-b2-cookie-prefs"
  code: "B2"
  category: "CONSENT"
  name_de: "Cookie-Praeferenzen"
  name_en: "Cookie Preferences"
  description_de: "Vom Nutzer gewaehlte Cookie-Einstellungen"
  description_en: "User-selected cookie settings"
  purpose_de: "Speicherung der Cookie-Consent-Entscheidung"
  purpose_en: "Storage of cookie consent decision"
  risk_level: "LOW"
  # NOTE(review): legal_basis is CONSENT while requires_explicit_consent is
  # false and the cookie is ESSENTIAL - confirm this combination is what the
  # consuming code expects.
  legal_basis: "CONSENT"
  legal_basis_justification_de: "Speicherung der Einwilligungsentscheidung selbst"
  legal_basis_justification_en: "Storage of the consent decision itself"
  retention_period: "12_MONTHS"
  retention_justification_de: "Branchenuebliche Auffrischung nach 12 Monaten"
  retention_justification_en: "Industry-standard refresh after 12 months"
  cookie_category: "ESSENTIAL"
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients: []
  technical_measures:
  - "First-Party Cookie"
  - "Keine Drittanbieter-Weitergabe"
  tags:
  - "consent"
  - "cookie"
  - "preferences"
# ---------------------------------------------------------------------------
# B3: Language/region preference
# ---------------------------------------------------------------------------
# UI localization setting, stored in a first-party cookie for 12 months.
- id: "dp-b3-locale"
  code: "B3"
  category: "CONSENT"
  name_de: "Sprach-/Regionspraeferenz"
  name_en: "Language/Region Preference"
  description_de: "Bevorzugte Sprache und Region des Nutzers"
  description_en: "User's preferred language and region"
  purpose_de: "Lokalisierung der Benutzeroberflaeche"
  purpose_en: "User interface localization"
  risk_level: "LOW"
  legal_basis: "CONTRACT"
  legal_basis_justification_de: "Bestandteil der Servicefunktionalitaet"
  legal_basis_justification_en: "Part of service functionality"
  retention_period: "12_MONTHS"
  retention_justification_de: "Erhalt der Nutzereinstellungen"
  retention_justification_en: "Preservation of user settings"
  cookie_category: "ESSENTIAL"
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients: []
  technical_measures:
  - "First-Party Cookie"
  tags:
  - "preferences"
  - "localization"
  - "ux"
# ===========================================================================
# CATEGORY C: MARKETING & TRACKING
# ===========================================================================
# ---------------------------------------------------------------------------
# C1: Tracking pixel data
# ---------------------------------------------------------------------------
# Conversion data sent to ad platforms; rated HIGH and gated on consent.
- id: "dp-c1-tracking"
  code: "C1"
  category: "MARKETING"
  name_de: "Tracking-Pixel-Daten"
  name_en: "Tracking Pixel Data"
  description_de: "Conversion-Tracking ueber Marketing-Pixel"
  description_en: "Conversion tracking via marketing pixels"
  purpose_de: "Messung der Werbewirksamkeit"
  purpose_en: "Measuring advertising effectiveness"
  risk_level: "HIGH"
  legal_basis: "CONSENT"
  legal_basis_justification_de: "Erfordert aktive Einwilligung (Cookie-Banner)"
  legal_basis_justification_en: "Requires active consent (cookie banner)"
  retention_period: "90_DAYS"
  retention_justification_de: "Typische Conversion-Fenster"
  retention_justification_en: "Typical conversion window"
  # NOTE(review): category is MARKETING but the cookie bucket is
  # PERSONALIZATION - confirm this is the consent bucket the banner uses for
  # marketing pixels.
  cookie_category: "PERSONALIZATION"
  is_special_category: false
  requires_explicit_consent: true
  third_party_recipients:
  - "Google Ads"
  - "Meta (Facebook/Instagram)"
  - "LinkedIn Ads"
  # NOTE(review): an ID that still lets a recipient attribute conversions to
  # one user is pseudonymous rather than anonymous - confirm what
  # "Anonymisierte User-IDs" means in practice.
  technical_measures:
  - "Nur bei Consent aktiviert"
  - "Anonymisierte User-IDs"
  tags:
  - "marketing"
  - "tracking"
  - "conversion"
# ---------------------------------------------------------------------------
# C2: Advertising ID
# ---------------------------------------------------------------------------
# Cross-device identifier for personalized ads; rated HIGH, consent-gated.
- id: "dp-c2-advertising-id"
  code: "C2"
  category: "MARKETING"
  name_de: "Werbe-ID"
  name_en: "Advertising ID"
  description_de: "Geraetuebergreifende Werbe-Identifikation"
  description_en: "Cross-device advertising identification"
  purpose_de: "Personalisierte Werbung und Remarketing"
  purpose_en: "Personalized advertising and remarketing"
  risk_level: "HIGH"
  legal_basis: "CONSENT"
  legal_basis_justification_de: "Erfordert aktive Einwilligung wegen Profilbildung"
  legal_basis_justification_en: "Requires active consent due to profiling"
  retention_period: "90_DAYS"
  retention_justification_de: "Begrenzt auf Kampagnen-Zeitraum"
  retention_justification_en: "Limited to campaign period"
  cookie_category: "PERSONALIZATION"
  is_special_category: false
  requires_explicit_consent: true
  # NOTE(review): recipients are named only by class here, unlike C1 which
  # lists concrete vendors - confirm the actual recipient list.
  third_party_recipients:
  - "Werbenetzwerke"
  - "Demand-Side-Platforms (DSP)"
  # The opt-out presumably covers withdrawal after the opt-in that
  # requires_explicit_consent demands.
  technical_measures:
  - "Opt-out Mechanismus"
  - "Nur bei Consent gesetzt"
  tags:
  - "marketing"
  - "advertising"
  - "remarketing"
# ---------------------------------------------------------------------------
# C3: UTM parameters
# ---------------------------------------------------------------------------
# Campaign parameters read from URLs for attribution.
- id: "dp-c3-utm"
  code: "C3"
  category: "MARKETING"
  name_de: "UTM-Parameter"
  name_en: "UTM Parameters"
  description_de: "Kampagnen-Tracking-Parameter aus URLs"
  description_en: "Campaign tracking parameters from URLs"
  purpose_de: "Attribution von Marketing-Kampagnen"
  purpose_en: "Marketing campaign attribution"
  risk_level: "LOW"
  legal_basis: "LEGITIMATE_INTEREST"
  legal_basis_justification_de: "Berechtigtes Interesse an Kampagnenmessung"
  legal_basis_justification_en: "Legitimate interest in campaign measurement"
  retention_period: "30_DAYS"
  retention_justification_de: "Kurze Speicherung fuer Session-Attribution"
  retention_justification_en: "Short storage for session attribution"
  # NOTE(review): a non-essential cookie bucket (PERFORMANCE) combined with
  # requires_explicit_consent: false. If these values are written to a cookie
  # or other client-side storage, confirm that no consent is needed for that
  # storage.
  cookie_category: "PERFORMANCE"
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients:
  - "Analytics-Dienste (aggregiert)"
  technical_measures:
  - "Aggregierte Auswertung"
  - "Keine Personenbeziehbarkeit"
  tags:
  - "marketing"
  - "analytics"
  - "attribution"
# ---------------------------------------------------------------------------
# C4: Newsletter subscription
# ---------------------------------------------------------------------------
# Email address and preferences for marketing mail, kept until revocation.
- id: "dp-c4-newsletter"
  code: "C4"
  category: "MARKETING"
  name_de: "Newsletter-Abonnement"
  name_en: "Newsletter Subscription"
  description_de: "E-Mail-Adresse und Praeferenzen fuer Newsletter"
  description_en: "Email address and preferences for newsletter"
  purpose_de: "Versand von Marketing-E-Mails und Produktneuheiten"
  purpose_en: "Sending marketing emails and product news"
  risk_level: "LOW"
  legal_basis: "CONSENT"
  legal_basis_justification_de: "Double-Opt-In Einwilligung erforderlich"
  legal_basis_justification_en: "Double opt-in consent required"
  retention_period: "UNTIL_REVOCATION"
  retention_justification_de: "Bis zum Widerruf der Einwilligung"
  retention_justification_en: "Until consent is revoked"
  cookie_category: null
  is_special_category: false
  requires_explicit_consent: true
  third_party_recipients:
  - "E-Mail-Marketing-Plattform"
  # Double opt-in confirms that the subscriber controls the mailbox before
  # any marketing mail is sent; the consent log is the evidence for it.
  technical_measures:
  - "Double-Opt-In"
  - "Abmelde-Link in jeder E-Mail"
  - "Protokollierung der Einwilligung"
  tags:
  - "marketing"
  - "email"
  - "newsletter"
# ===========================================================================
# CATEGORY D: COMMUNICATION & SUPPORT
# ===========================================================================
# ---------------------------------------------------------------------------
# D1: Support ticket content
# ---------------------------------------------------------------------------
# Free-text customer inquiries, held by a helpdesk vendor for 24 months.
- id: "dp-d1-support-ticket"
  code: "D1"
  category: "COMMUNICATION"
  name_de: "Support-Ticket-Inhalt"
  name_en: "Support Ticket Content"
  description_de: "Inhalt von Kundenanfragen und Support-Tickets"
  description_en: "Content of customer inquiries and support tickets"
  purpose_de: "Bearbeitung und Nachverfolgung von Kundenanfragen"
  purpose_en: "Processing and tracking customer inquiries"
  risk_level: "MEDIUM"
  legal_basis: "CONTRACT"
  legal_basis_justification_de: "Erforderlich zur Erfuellung von Supportleistungen"
  legal_basis_justification_en: "Required for fulfilling support services"
  retention_period: "24_MONTHS"
  retention_justification_de: "Nachvollziehbarkeit und Wissensbasis"
  retention_justification_en: "Traceability and knowledge base"
  cookie_category: null
  # NOTE(review): ticket text is unstructured, so users can paste anything
  # into it (credentials, screenshots, sensitive personal details). Confirm
  # that is_special_category: false still holds and whether tickets are
  # scrubbed before they feed the "Wissensbasis".
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients:
  - "Helpdesk-Software-Anbieter"
  technical_measures:
  - "Verschluesselte Speicherung"
  - "Zugriffsbeschraenkung auf Support-Team"
  tags:
  - "support"
  - "communication"
  - "customer-service"
# ---------------------------------------------------------------------------
# D2: Chat histories
# ---------------------------------------------------------------------------
# Live-chat and chatbot transcripts, held by a chat vendor for 12 months.
- id: "dp-d2-chat"
  code: "D2"
  category: "COMMUNICATION"
  name_de: "Chat-Verlaeufe"
  name_en: "Chat Histories"
  description_de: "Verlaeufe von Live-Chat und Chatbot-Interaktionen"
  description_en: "Histories of live chat and chatbot interactions"
  purpose_de: "Kundenservice und Qualitaetssicherung"
  purpose_en: "Customer service and quality assurance"
  risk_level: "MEDIUM"
  legal_basis: "LEGITIMATE_INTEREST"
  legal_basis_justification_de: "Berechtigtes Interesse an Servicequalitaet"
  legal_basis_justification_en: "Legitimate interest in service quality"
  retention_period: "12_MONTHS"
  # NOTE(review): "Training" appears here and in technical_measures without
  # saying whether it means staff training or model training - confirm, since
  # the purpose fields above name only customer service and QA.
  retention_justification_de: "Qualitaetssicherung und Training"
  retention_justification_en: "Quality assurance and training"
  cookie_category: null
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients:
  - "Chat-Software-Anbieter"
  technical_measures:
  - "Pseudonymisierung fuer Training"
  - "Zugriffskontrolle"
  tags:
  - "support"
  - "chat"
  - "communication"
# ---------------------------------------------------------------------------
# D3: Call recordings
# ---------------------------------------------------------------------------
# Audio of customer phone calls; rated HIGH and recorded only with consent.
- id: "dp-d3-call-recording"
  code: "D3"
  category: "COMMUNICATION"
  name_de: "Anrufaufzeichnungen"
  name_en: "Call Recordings"
  description_de: "Aufzeichnungen von Telefongespaechen mit Kunden"
  description_en: "Recordings of phone calls with customers"
  purpose_de: "Qualitaetssicherung und Schulung"
  purpose_en: "Quality assurance and training"
  risk_level: "HIGH"
  legal_basis: "CONSENT"
  legal_basis_justification_de: "Ausdrueckliche Einwilligung vor Aufzeichnung erforderlich"
  legal_basis_justification_en: "Explicit consent required before recording"
  retention_period: "90_DAYS"
  retention_justification_de: "Begrenzter Zeitraum fuer Qualitaetspruefung"
  retention_justification_en: "Limited period for quality review"
  cookie_category: null
  is_special_category: false
  requires_explicit_consent: true
  third_party_recipients:
  - "Telefonie-Anbieter"
  # NOTE(review): the telephony vendor holds the recordings too - confirm that
  # "Automatische Loeschung" after 90 days also applies on the vendor side.
  technical_measures:
  - "Verschluesselte Speicherung"
  - "Zugriff nur fuer QA-Team"
  - "Automatische Loeschung"
  tags:
  - "support"
  - "phone"
  - "recording"
# ===========================================================================
# CATEGORY E: TRANSACTION & PAYMENT
# ===========================================================================
# ---------------------------------------------------------------------------
# E1: Billing address
# ---------------------------------------------------------------------------
# Customer billing address, retained 10 years for invoicing and tax records.
- id: "dp-e1-billing-address"
  code: "E1"
  category: "TRANSACTION"
  name_de: "Rechnungsadresse"
  name_en: "Billing Address"
  description_de: "Vollstaendige Rechnungsanschrift des Kunden"
  description_en: "Complete billing address of the customer"
  purpose_de: "Rechnungsstellung und steuerliche Dokumentation"
  purpose_en: "Invoicing and tax documentation"
  risk_level: "MEDIUM"
  legal_basis: "LEGAL_OBLIGATION"
  # The German text cites sections 147 AO and 257 HGB (section sign omitted);
  # the English text says only "tax law".
  legal_basis_justification_de: "Aufbewahrungspflicht nach 147 AO, 257 HGB"
  legal_basis_justification_en: "Retention obligation under tax law"
  retention_period: "10_YEARS"
  retention_justification_de: "Steuerliche Aufbewahrungsfrist"
  retention_justification_en: "Tax retention period"
  cookie_category: null
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients:
  - "Steuerberater"
  - "Buchhaltungssoftware"
  # NOTE(review): "Verschluesselung" does not say whether it covers data at
  # rest, in transit, or both - confirm, given the 10-year archive.
  technical_measures:
  - "Verschluesselung"
  - "Zugriffskontrolle"
  - "Revisionssichere Archivierung"
  tags:
  - "payment"
  - "billing"
  - "tax"
# ---------------------------------------------------------------------------
# E2: Payment method (token)
# ---------------------------------------------------------------------------
# Processor-issued token for recurring payments; rated HIGH.
- id: "dp-e2-payment-token"
  code: "E2"
  category: "TRANSACTION"
  name_de: "Zahlungsmethode (Token)"
  name_en: "Payment Method (Token)"
  description_de: "Tokenisierte Zahlungsinformationen (keine Klardaten)"
  description_en: "Tokenized payment information (no clear data)"
  purpose_de: "Wiederkehrende Zahlungen und Abonnements"
  purpose_en: "Recurring payments and subscriptions"
  risk_level: "HIGH"
  legal_basis: "CONTRACT"
  legal_basis_justification_de: "Erforderlich fuer Zahlungsabwicklung"
  legal_basis_justification_en: "Required for payment processing"
  retention_period: "36_MONTHS"
  retention_justification_de: "Dauer der Kundenbeziehung plus Rueckbuchungsfrist"
  retention_justification_en: "Duration of customer relationship plus chargeback period"
  cookie_category: null
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients:
  - "Payment Service Provider (Stripe, PayPal)"
  # NOTE(review): "Keine Speicherung von Kartennummern" holds only if card
  # data goes straight from the client to the provider and never passes
  # through or is logged by the platform's own services - confirm the
  # integration.
  technical_measures:
  - "PCI-DSS Konformitaet"
  - "Tokenisierung"
  - "Keine Speicherung von Kartennummern"
  tags:
  - "payment"
  - "token"
  - "pci-dss"
# ---------------------------------------------------------------------------
# E3: Transaction history
# ---------------------------------------------------------------------------
# Record of purchases and transactions, retained 10 years for accounting.
- id: "dp-e3-transactions"
  code: "E3"
  category: "TRANSACTION"
  name_de: "Transaktionshistorie"
  name_en: "Transaction History"
  description_de: "Historie aller Kaeufe und Transaktionen"
  description_en: "History of all purchases and transactions"
  purpose_de: "Nachweis von Vertragserfuellung und Buchfuehrung"
  purpose_en: "Proof of contract fulfillment and accounting"
  risk_level: "MEDIUM"
  legal_basis: "LEGAL_OBLIGATION"
  # The German text cites section 147 AO (section sign omitted); the English
  # text says only "tax law".
  legal_basis_justification_de: "Aufbewahrungspflicht nach 147 AO"
  legal_basis_justification_en: "Retention obligation under tax law"
  retention_period: "10_YEARS"
  retention_justification_de: "Steuerliche Aufbewahrungsfrist"
  retention_justification_en: "Tax retention period"
  cookie_category: null
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients:
  - "Steuerberater"
  - "Wirtschaftspruefer"
  # NOTE(review): E1 lists "Zugriffskontrolle" for its 10-year archive; this
  # entry does not - confirm whether that is an omission.
  technical_measures:
  - "Revisionssichere Archivierung"
  - "Verschluesselung"
  tags:
  - "payment"
  - "transactions"
  - "accounting"
# ===========================================================================
# CATEGORY F: CUSTOMER SEGMENTS
# ===========================================================================
# ---------------------------------------------------------------------------
# F1: Company assignment
# ---------------------------------------------------------------------------
# Links a user to a B2B company account.
- id: "dp-f1-company"
  code: "F1"
  category: "SEGMENTATION"
  name_de: "Unternehmenszuordnung"
  name_en: "Company Assignment"
  description_de: "Zuordnung zu einem Unternehmenskonto (B2B)"
  description_en: "Assignment to a company account (B2B)"
  purpose_de: "B2B-Kundenmanagement und Rechnungsstellung"
  purpose_en: "B2B customer management and invoicing"
  risk_level: "LOW"
  legal_basis: "CONTRACT"
  legal_basis_justification_de: "Erforderlich fuer B2B-Vertragsbeziehung"
  legal_basis_justification_en: "Required for B2B contract relationship"
  retention_period: "UNTIL_PURPOSE_FULFILLED"
  retention_justification_de: "Dauer der Geschaeftsbeziehung"
  retention_justification_en: "Duration of business relationship"
  cookie_category: null
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients: []
  # "Mandantentrennung" is tenant isolation: this mapping presumably decides
  # which tenant's data a user can reach, so its integrity matters more than
  # its confidentiality.
  technical_measures:
  - "Mandantentrennung"
  - "Zugriffskontrolle"
  tags:
  - "b2b"
  - "organization"
  - "segmentation"
# ---------------------------------------------------------------------------
# F2: Role/position
# ---------------------------------------------------------------------------
# The user's function and permission level, used for access control.
- id: "dp-f2-role"
  code: "F2"
  category: "SEGMENTATION"
  name_de: "Rolle/Position"
  name_en: "Role/Position"
  description_de: "Funktion und Berechtigungsstufe des Nutzers"
  description_en: "Function and permission level of the user"
  purpose_de: "Berechtigungssteuerung und Funktionszugriff"
  purpose_en: "Permission control and feature access"
  # NOTE(review): LOW reflects privacy sensitivity; the value itself drives
  # authorization decisions, so unauthorized changes to it are a security
  # concern - the audit logging below is the matching control.
  risk_level: "LOW"
  legal_basis: "CONTRACT"
  legal_basis_justification_de: "Erforderlich fuer Berechtigungsmanagement"
  legal_basis_justification_en: "Required for permission management"
  retention_period: "UNTIL_PURPOSE_FULFILLED"
  retention_justification_de: "Dauer der Rollenzuweisung"
  retention_justification_en: "Duration of role assignment"
  cookie_category: null
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients: []
  technical_measures:
  - "RBAC-System"
  - "Audit-Logging"
  tags:
  - "authorization"
  - "roles"
  - "permissions"
# ---------------------------------------------------------------------------
# F3: Customer category
# ---------------------------------------------------------------------------
# Pricing segment of the customer (e.g. Startup, Enterprise).
- id: "dp-f3-customer-category"
  code: "F3"
  category: "SEGMENTATION"
  name_de: "Kundenkategorie"
  name_en: "Customer Category"
  description_de: "Kundensegment fuer Preisgestaltung (z.B. Startup, Enterprise)"
  description_en: "Customer segment for pricing (e.g., Startup, Enterprise)"
  purpose_de: "Preisdifferenzierung und Angebotserstellung"
  purpose_en: "Price differentiation and offer creation"
  risk_level: "LOW"
  legal_basis: "CONTRACT"
  legal_basis_justification_de: "Bestandteil der Vertragskonditionen"
  legal_basis_justification_en: "Part of contract conditions"
  retention_period: "UNTIL_PURPOSE_FULFILLED"
  # NOTE(review): this string contains a literal umlaut, while the other
  # German strings in the catalog transliterate (ae/oe/ue) - confirm that
  # consumers of the file handle non-ASCII text.
  retention_justification_de: "Dauer des Vertragsverhältnisses"
  retention_justification_en: "Duration of contractual relationship"
  cookie_category: null
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients: []
  technical_measures:
  - "Zugriffskontrolle"
  tags:
  - "pricing"
  - "segmentation"
  - "b2b"
# ===========================================================================
# CATEGORY G: AI & FEEDBACK
# ===========================================================================
# ---------------------------------------------------------------------------
# G1: AI prompt data
# ---------------------------------------------------------------------------
# User prompts and model responses, sent to external AI API providers;
# rated HIGH.
- id: "dp-g1-ai-prompts"
  code: "G1"
  category: "AI_FEEDBACK"
  name_de: "KI-Prompt-Daten"
  name_en: "AI Prompt Data"
  description_de: "Nutzereingaben an KI-Assistenten und generierte Antworten"
  description_en: "User inputs to AI assistants and generated responses"
  purpose_de: "Bereitstellung von KI-gestuetzten Funktionen"
  purpose_en: "Provision of AI-powered features"
  risk_level: "HIGH"
  legal_basis: "CONTRACT"
  legal_basis_justification_de: "Erforderlich fuer KI-Funktionalitaet des Dienstes"
  legal_basis_justification_en: "Required for AI functionality of the service"
  retention_period: "90_DAYS"
  retention_justification_de: "Kurze Aufbewahrung fuer Kontexterhaltung"
  retention_justification_en: "Short retention for context preservation"
  cookie_category: null
  # NOTE(review): prompts are free text, so they can carry personal data about
  # people other than the account holder (on a teacher platform, presumably
  # pupils), including sensitive details. Confirm that is_special_category:
  # false and requires_explicit_consent: false still hold for that content.
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients:
  - "KI-API-Anbieter (Anthropic, OpenAI)"
  # NOTE(review): "Keine Verwendung fuer Training" depends on the provider's
  # contract terms, and "Pseudonymisierung" of free text needs a concrete
  # mechanism - confirm both, and whether the 90-day retention also binds the
  # provider.
  technical_measures:
  - "Keine Verwendung fuer Training"
  - "Pseudonymisierung"
  - "Verschluesselte Uebertragung"
  tags:
  - "ai"
  - "llm"
  - "prompts"
# ---------------------------------------------------------------------------
# G2: Feedback ratings
# ---------------------------------------------------------------------------
# User ratings and feedback on features, kept 24 months for trend analysis.
- id: "dp-g2-feedback"
  code: "G2"
  category: "AI_FEEDBACK"
  name_de: "Feedback-Bewertungen"
  name_en: "Feedback Ratings"
  description_de: "Nutzerbewertungen und Feedback zu Funktionen"
  description_en: "User ratings and feedback on features"
  purpose_de: "Qualitaetsmessung und Produktverbesserung"
  purpose_en: "Quality measurement and product improvement"
  risk_level: "LOW"
  legal_basis: "LEGITIMATE_INTEREST"
  legal_basis_justification_de: "Berechtigtes Interesse an Produktqualitaet"
  legal_basis_justification_en: "Legitimate interest in product quality"
  retention_period: "24_MONTHS"
  retention_justification_de: "Langzeitanalyse von Qualitaetstrends"
  retention_justification_en: "Long-term analysis of quality trends"
  cookie_category: null
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients: []
  # NOTE(review): anonymization is marked optional, so the default is
  # presumably identifiable feedback - confirm when it is applied.
  technical_measures:
  - "Aggregierte Auswertung"
  - "Optional: Anonymisierung"
  tags:
  - "feedback"
  - "quality"
  - "analytics"
# ---------------------------------------------------------------------------
# G3: RAG embedding context
# ---------------------------------------------------------------------------
# Short-lived context used to ground AI responses; declared in-memory only.
- id: "dp-g3-rag"
  code: "G3"
  category: "AI_FEEDBACK"
  name_de: "RAG-Embedding-Kontext"
  name_en: "RAG Embedding Context"
  description_de: "Temporaerer Kontext fuer kontextuelle KI-Antworten"
  description_en: "Temporary context for contextual AI responses"
  purpose_de: "Bereitstellung kontextbezogener KI-Antworten"
  purpose_en: "Provision of context-aware AI responses"
  risk_level: "MEDIUM"
  legal_basis: "CONTRACT"
  legal_basis_justification_de: "Erforderlich fuer kontextuelle KI-Funktionalitaet"
  legal_basis_justification_en: "Required for contextual AI functionality"
  retention_period: "24_HOURS"
  retention_justification_de: "Kurzlebiger Session-Kontext"
  retention_justification_en: "Short-lived session context"
  cookie_category: null
  is_special_category: false
  requires_explicit_consent: false
  # NOTE(review): no recipients are listed, yet G1 sends prompts to external
  # AI providers. Confirm that embeddings are computed locally and that
  # retrieved context is not forwarded as part of a G1 prompt.
  third_party_recipients: []
  technical_measures:
  - "In-Memory-Speicherung"
  - "Automatische Bereinigung"
  - "Keine persistente Speicherung"
  tags:
  - "ai"
  - "rag"
  - "embeddings"
# ===========================================================================
# CATEGORY H: SECURITY & AUDIT
# ===========================================================================
# ---------------------------------------------------------------------------
# H1: IP address
# ---------------------------------------------------------------------------
# Request source address, kept 90 days for security and abuse detection.
- id: "dp-h1-ip"
  code: "H1"
  category: "SECURITY_AUDIT"
  name_de: "IP-Adresse"
  name_en: "IP Address"
  description_de: "IP-Adresse des Nutzers bei Anfragen"
  description_en: "User's IP address during requests"
  purpose_de: "Sicherheit, Missbrauchserkennung, Geo-Blocking"
  purpose_en: "Security, abuse detection, geo-blocking"
  risk_level: "MEDIUM"
  legal_basis: "LEGITIMATE_INTEREST"
  legal_basis_justification_de: "Berechtigtes Interesse an IT-Sicherheit"
  legal_basis_justification_en: "Legitimate interest in IT security"
  retention_period: "90_DAYS"
  retention_justification_de: "Ausreichend fuer Sicherheitsanalysen"
  retention_justification_en: "Sufficient for security analysis"
  # NOTE(review): ESSENTIAL is set although an IP address is not a cookie;
  # other non-cookie entries (e.g. A1, H2) use null - confirm.
  cookie_category: "ESSENTIAL"
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients:
  - "Security-Monitoring-Dienste"
  # NOTE(review): "nach Analyse" does not say when anonymization happens
  # within the 90-day window, or whether copies already sent to the monitoring
  # service are anonymized too - confirm.
  technical_measures:
  - "IP-Anonymisierung nach Analyse"
  - "Geo-IP nur auf Landesebene"
  tags:
  - "security"
  - "network"
  - "audit"
# ---------------------------------------------------------------------------
# H2: Login logs
# ---------------------------------------------------------------------------
# Log of successful and failed login attempts, forwarded to a SIEM.
- id: "dp-h2-login-logs"
  code: "H2"
  category: "SECURITY_AUDIT"
  name_de: "Login-Protokolle"
  name_en: "Login Logs"
  description_de: "Protokoll erfolgreicher und fehlgeschlagener Anmeldeversuche"
  description_en: "Log of successful and failed login attempts"
  purpose_de: "Sicherheitsaudit und Erkennung von Angriffen"
  purpose_en: "Security audit and attack detection"
  risk_level: "MEDIUM"
  legal_basis: "LEGITIMATE_INTEREST"
  legal_basis_justification_de: "Berechtigtes Interesse an Accountsicherheit"
  legal_basis_justification_en: "Legitimate interest in account security"
  retention_period: "12_MONTHS"
  retention_justification_de: "Ausreichend fuer Sicherheitsforensik"
  retention_justification_en: "Sufficient for security forensics"
  cookie_category: null
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients:
  - "SIEM-System"
  # NOTE(review): confirm that failed-attempt records never contain the
  # submitted password, and that the identifier field is handled with care -
  # users sometimes type a password into the username field. Also note that
  # these logs are kept 12 months while IP addresses (H1) are kept 90 days;
  # confirm which period applies to IPs recorded here.
  technical_measures:
  - "Unveraenderbare Logs"
  - "Zugriffsbeschraenkung"
  tags:
  - "security"
  - "authentication"
  - "audit"
# ---------------------------------------------------------------------------
# H3: Aenderungshistorie
# ---------------------------------------------------------------------------
# Data point H3: audit trail of important changes in the system, kept as
# compliance evidence under a legal-obligation basis with no third-party
# recipients.
# NOTE(review): risk_level is LOW although an audit trail presumably ties each
# change to the acting user; confirm the rating covers those identifiers.
- id: "dp-h3-audit-trail"
  code: "H3"
  category: "SECURITY_AUDIT"
  name_de: "Aenderungshistorie"
  name_en: "Change History"
  description_de: "Audit-Trail aller wichtigen Aenderungen im System"
  description_en: "Audit trail of all important system changes"
  purpose_de: "Nachvollziehbarkeit und Compliance-Nachweis"
  purpose_en: "Traceability and compliance documentation"
  risk_level: "LOW"
  legal_basis: "LEGAL_OBLIGATION"
  legal_basis_justification_de: "Aufbewahrungspflicht fuer revisionssichere Dokumentation"
  legal_basis_justification_en: "Retention obligation for audit-proof documentation"
  # Listed as the 6_YEARS exception under SECURITY_AUDIT in retention_matrix.
  retention_period: "6_YEARS"
  retention_justification_de: "Aufbewahrungsfrist nach AO"
  retention_justification_en: "Retention period under tax law"
  cookie_category: null
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients: []
  technical_measures:
    - "Unveraenderbare Logs"
    # NOTE(review): a signature only proves integrity if the signing key is
    # held outside the system whose changes are logged; otherwise an
    # administrator of that system can re-sign altered entries. Confirm key
    # custody and that signatures stay verifiable for the full six years.
    - "Digitale Signatur"
    - "Revisionssichere Archivierung"
  tags:
    - "audit"
    - "compliance"
    - "traceability"
# ---------------------------------------------------------------------------
# H4: Geraetefingerprint
# ---------------------------------------------------------------------------
# Data point H4: hash over device and browser characteristics, used for fraud
# prevention and device recognition on a legitimate-interest basis, with no
# third-party recipients.
# NOTE(review): building the hash reads characteristics from the user's
# device. Treating it as ESSENTIAL without consent relies on the
# strict-necessity exemption (Art. 5(3) ePrivacy Directive / Sec. 25 TDDDG);
# confirm that assessment is documented.
- id: "dp-h4-device-fingerprint"
  code: "H4"
  category: "SECURITY_AUDIT"
  name_de: "Geraetefingerprint"
  name_en: "Device Fingerprint"
  description_de: "Hash aus Geraete- und Browser-Merkmalen"
  description_en: "Hash of device and browser characteristics"
  purpose_de: "Betrugsverhinderung und Geraeteerkennung"
  purpose_en: "Fraud prevention and device recognition"
  risk_level: "MEDIUM"
  legal_basis: "LEGITIMATE_INTEREST"
  legal_basis_justification_de: "Berechtigtes Interesse an Betrugspraevention"
  legal_basis_justification_en: "Legitimate interest in fraud prevention"
  # Shorter than the SECURITY_AUDIT standard_period in retention_matrix
  # (12_MONTHS); the matrix exception list has to stay in step with this value.
  retention_period: "30_DAYS"
  retention_justification_de: "Kurze Speicherung fuer Sessionverknuepfung"
  retention_justification_en: "Short storage for session linking"
  # Must match the ESSENTIAL list under cookie_categories, which names this id.
  cookie_category: "ESSENTIAL"
  is_special_category: false
  requires_explicit_consent: false
  third_party_recipients: []
  technical_measures:
    # One-way hashing keeps the raw characteristics out of storage, but the
    # hash remains a stable identifier for the device: pseudonymous, not
    # anonymous, data.
    - "Einweg-Hashing"
    # NOTE(review): this holds only if the inputs cannot be enumerated. A keyed
    # hash (HMAC with a server-side secret) is the usual way to back the claim;
    # confirm what the implementation uses.
    - "Keine Rueckberechnung moeglich"
  tags:
    - "security"
    - "fraud"
    - "device"
# =============================================================================
# RETENTION MATRIX
# =============================================================================
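# Retention matrix: one row per data-point category, giving the standard
# retention period, the legal basis text and any exceptions to the standard.
# Invariant: every data point's retention_period is either its category's
# standard_period or appears in that category's exceptions. A reader or
# deletion job that works from this matrix alone otherwise keeps data longer
# than the data point allows.
# NOTE(review): only SECURITY_AUDIT has been reconciled with its data points
# (H1-H4); run the same check for the other categories.
retention_matrix:
  - category: "AUTHENTICATION"
    category_name_de: "Authentifizierung"
    category_name_en: "Authentication"
    standard_period: "UNTIL_ACCOUNT_DELETION"
    legal_basis: "Vertragserfuellung (Art. 6 Abs. 1 lit. b DSGVO)"
    exceptions:
      - condition_de: "Session-Daten"
        condition_en: "Session data"
        period: "24_HOURS"
        reason_de: "Sicherheitsbedingte Kurzlebigkeit"
        reason_en: "Security-related short lifespan"
  - category: "CONSENT"
    category_name_de: "Einwilligungen"
    category_name_en: "Consents"
    standard_period: "6_YEARS"
    legal_basis: "Nachweispflicht (Art. 7 Abs. 1 DSGVO), AO"
    exceptions:
      - condition_de: "Cookie-Praeferenzen"
        condition_en: "Cookie preferences"
        period: "12_MONTHS"
        reason_de: "Branchenuebliche Auffrischung"
        reason_en: "Industry-standard refresh"
  - category: "MARKETING"
    category_name_de: "Marketing"
    category_name_en: "Marketing"
    standard_period: "90_DAYS"
    legal_basis: "Einwilligung (Art. 6 Abs. 1 lit. a DSGVO)"
    exceptions:
      - condition_de: "Newsletter-Abonnements"
        condition_en: "Newsletter subscriptions"
        period: "UNTIL_REVOCATION"
        reason_de: "Dauerhaft bis Widerruf"
        reason_en: "Permanent until revocation"
  - category: "COMMUNICATION"
    category_name_de: "Kommunikation"
    category_name_en: "Communication"
    standard_period: "24_MONTHS"
    legal_basis: "Vertragserfuellung / Berechtigtes Interesse"
    exceptions:
      - condition_de: "Anrufaufzeichnungen"
        condition_en: "Call recordings"
        period: "90_DAYS"
        reason_de: "Begrenzte Qualitaetssicherung"
        reason_en: "Limited quality assurance"
  - category: "TRANSACTION"
    category_name_de: "Transaktionen"
    category_name_en: "Transactions"
    standard_period: "10_YEARS"
    legal_basis: "Aufbewahrungspflicht 147 AO, 257 HGB"
    exceptions: []
  - category: "SEGMENTATION"
    category_name_de: "Segmentierung"
    category_name_en: "Segmentation"
    standard_period: "UNTIL_PURPOSE_FULFILLED"
    legal_basis: "Vertragserfuellung (Art. 6 Abs. 1 lit. b DSGVO)"
    exceptions: []
  - category: "AI_FEEDBACK"
    category_name_de: "KI & Feedback"
    category_name_en: "AI & Feedback"
    standard_period: "90_DAYS"
    legal_basis: "Vertragserfuellung / Berechtigtes Interesse"
    exceptions:
      - condition_de: "RAG-Kontext"
        condition_en: "RAG context"
        period: "24_HOURS"
        reason_de: "Kurzlebiger Session-Kontext"
        reason_en: "Short-lived session context"
  - category: "SECURITY_AUDIT"
    category_name_de: "Security & Audit"
    category_name_en: "Security & Audit"
    # The standard period matches dp-h2-login-logs; the other three data
    # points in this category deviate and are listed below.
    standard_period: "12_MONTHS"
    legal_basis: "Berechtigtes Interesse / Rechtliche Verpflichtung"
    exceptions:
      - condition_de: "Aenderungshistorie"
        condition_en: "Change history"
        period: "6_YEARS"
        reason_de: "Revisionssichere Archivierung"
        reason_en: "Audit-proof archiving"
      # Added: mirrors retention_period and justification of dp-h1-ip, which
      # would otherwise fall under the 12-month standard.
      - condition_de: "IP-Adressen"
        condition_en: "IP addresses"
        period: "90_DAYS"
        reason_de: "Ausreichend fuer Sicherheitsanalysen"
        reason_en: "Sufficient for security analysis"
      # Added: mirrors retention_period and justification of
      # dp-h4-device-fingerprint.
      - condition_de: "Geraetefingerprint"
        condition_en: "Device fingerprint"
        period: "30_DAYS"
        reason_de: "Kurze Speicherung fuer Sessionverknuepfung"
        reason_en: "Short storage for session linking"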
# =============================================================================
# COOKIE CATEGORY MAPPINGS
# =============================================================================
# Cookie category mappings: for each category, the bilingual label and
# description, whether it is mandatory, its default state, and the ids of the
# data points assigned to it.
# The id lists repeat the cookie_category field of the individual data points,
# so both places have to change together. dp-h1-ip and
# dp-h4-device-fingerprint agree with their entries (both ESSENTIAL).
# NOTE(review): the remaining ids should be checked against their entries in
# the same way.
cookie_categories:
  # The only category with is_required and default_enabled set to true. Its
  # description states that it cannot be disabled, so every id listed here is
  # processed without an opt-in and needs a strict-necessity justification.
  ESSENTIAL:
    name_de: "Technisch notwendig"
    name_en: "Essential"
    description_de: "Diese Cookies sind fuer den Betrieb der Website erforderlich und koennen nicht deaktiviert werden."
    description_en: "These cookies are required for the website to function and cannot be disabled."
    is_required: true
    default_enabled: true
    data_points:
      - "dp-a3-session"
      - "dp-a4-refresh"
      - "dp-b1-consent"
      - "dp-b2-cookie-prefs"
      - "dp-b3-locale"
      - "dp-h1-ip"
      - "dp-h4-device-fingerprint"

  # Optional and off by default.
  PERFORMANCE:
    name_de: "Analyse & Performance"
    name_en: "Analytics & Performance"
    description_de: "Diese Cookies helfen uns, die Nutzung der Website zu verstehen und zu verbessern."
    description_en: "These cookies help us understand and improve website usage."
    is_required: false
    default_enabled: false
    data_points:
      - "dp-c3-utm"

  # Optional and off by default; covers the tracking and advertising-id data points.
  PERSONALIZATION:
    name_de: "Personalisierung"
    name_en: "Personalization"
    description_de: "Diese Cookies ermoeglichen personalisierte Werbung und Inhalte."
    description_en: "These cookies enable personalized advertising and content."
    is_required: false
    default_enabled: false
    data_points:
      - "dp-c1-tracking"
      - "dp-c2-advertising-id"

  # Optional and off by default; no data point is assigned to it yet.
  EXTERNAL_MEDIA:
    name_de: "Externe Medien"
    name_en: "External Media"
    description_de: "Diese Cookies erlauben die Einbindung externer Medien wie Videos und Karten."
    description_en: "These cookies allow embedding external media like videos and maps."
    is_required: false
    default_enabled: false
    data_points: []