Back

Provide users a list of the available dispute resolution bodies.


CONTROL ID
13814
CONTROL TYPE
Communicate
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a consumer complaint management program., CC ID: 04570

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The payment service provider shall inform the payment service user about at least one ADR entity which is competent to deal with disputes concerning the rights and obligations arising under Titles III and IV. (Art 101(3), DIRECTIVE (EU) 2015/2366 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC)
  • Secondly, individuals can also bring a complaint directly to the independent dispute resolution body (either in the United States or in the Union) designated by an organisation to investigate and resolve individual complaints (unless they are obviously unfounded or frivolous) and to provide appropri… (2.4 (70), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • Sixthly, as a recourse mechanism of 'last resort' in case none of the other available redress avenues has satisfactorily resolved an individual's complaint, the Union data subject may invoke binding arbitration by the 'EU-U.S. Data Privacy Framework Panel' (EU-U.S. DPF Panel). Organisations must inf… (2.4 (81), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • The EU-U.S. DPF, through the Recourse, Enforcement and Liability Principle, requires organisations to provide recourse for individuals who are affected by non-compliance and thus the possibility for Union data subjects to lodge complaints regarding non-compliance by EU-U.S. DPF organisations and to … (2.4 (66), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • First, a specific redress mechanism is established, under EO 14086, complemented by the AG Regulation establishing the Data Protection Review Court, to handle and resolve complaints from individuals concerning U.S. signals intelligence activities. Any individual in the EU is entitled to submit a com… (3.2.3 (176), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • In addition, organisations must make their privacy policies reflecting the Principles public (or, in the case of human resources data, make them readily available to the concerned individuals) and provide links to the DoC's website (with further details on certification, the rights of data subjects … (2.2.4 (28), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • This is ensured through the Notice Principle , which, similarly to the transparency requirements under Regulation (EU) 2016/679, requires organisations to inform data subjects about, inter alia, (i) the participation of the organisation in the DPF, (ii) the type of data collected, (iii) the purpose … (2.2.4 (26), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • how to contact the organization with any inquiries or complaints, including any relevant establishment in the EU that can respond to such inquiries or complaints, (II.1.a.v., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • how to contact the organization with any inquiries or complaints, including any relevant establishment in Switzerland that can respond to such inquiries or complaints, (ii.1.a.v., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • how to contact the organization with any inquiries or complaints, including any relevant establishment in the EU that can respond to such inquiries or complaints, (II.1.a.v., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)