This eBay Partner Network Agreement (“Agreement”) is made by and between you (“you” or “Affiliate”) and eBay Partner Network, Inc. (“EPN”), a Delaware corporation with an address at 2145 Hamilton Ave., San Jose, CA 95125. This Agreement sets forth the terms and conditions applicable to your participation in EPN’s affiliate network (the “Network”) pursuant to which you may earn performance-based compensation through approved promotional methods that display or direct end users to participating websites and that result in Qualifying Transactions (as defined below).
By accepting the terms of this Agreement and submitting an application to participate in the Network you agree to be bound by the terms and conditions of this Agreement, the EPN Privacy Notice, the eBay Data Protection Requirements Addendum (“DPRA”), and the applicable Program Details, which are incorporated by reference into this Agreement.
This Agreement was published on the Network website on November 11, 2019. If you joined the Network on or after November 11, 2019, the terms set forth herein shall apply to you immediately. If you were already a member of the Network on November 10, 2019, these terms will take effect for you in accordance with the “Amendment” section of the version of the EPN Network Agreement that you accepted when you joined the Network.
Advertiser – eBay Inc. or an eBay Corporate Family Member that elects to participate in the Network, as specified in the applicable Program Details.
Affiliates – A company or individual entity that participates in the Network to earn compensation for Qualifying Transactions.
Agent – A sub-affiliate, sub-publisher, distribution partner or other similar third-party relationship through which an Affiliate participates in a Program. Agents are subject to EPN’s prior written approval in accordance with Section III.C.
To promote ethical and legal business practices, EPN requires that all Affiliates comply with the requirements in this Code of Conduct (“Code of Conduct”).
By participating in the Network, you agree to comply with the terms of the DPRA attached as Exhibit B and incorporated herein by reference, as the same may be updated from time to time.
1. Purpose and Scope:
This Data Protection Requirements Addendum (the “DPRA”) reflects your commitment to abide by Applicable Law concerning the Processing of the eBay Data (defined below). This DPRA prescribes the minimum data protection and information security standards that you, your agents and assigns must meet and maintain in order to protect eBay Data from unauthorized use, access, disclosure, theft, manipulation, reproduction, a Security Breach (defined below) or otherwise during the term of the EPN Network Agreement (“Terms”) and for any period thereafter during which you, your agents or assigns has possession of or access to any eBay Data.
Capitalized terms used but not defined herein shall have the meaning set forth in the Terms.
a. “Applicable Law” means any applicable data protection, privacy, or information security laws, codes, and regulations or other binding restrictions governing Processing of eBay Data.
b. “Data Centers” means locations at which you provide data Processing or transmission functions in support of your Application. Data Centers can be owned by you or by a third party.
c. “Data Controller” means the party that determines the purposes of the Processing of Personal Data.
d. “Data Processor” means the party that Processes Personal Data on behalf of, and under the instruction of, the Data Controller.
e. “Data Subject” means the identified or identifiable person who is the subject of Personal Data.
f. “eBay Data” means data or information (regardless of form, e.g., electronic, paper copy, etc.) transmitted through the eBay API(s), Promotional Tools or otherwise provided by or on behalf of eBay to you. For avoidance of doubt, you acknowledge that eBay Data includes, without limitation, EPN User Data. eBay Data may be classified as:
i. “Confidential Data”: Information that is intended only for a limited audience within eBay or whose release would likely have an adverse financial or reputational effect on eBay, eBay customers, or eBay clients. Examples include, but are not limited to: customer or client customer individual names, email addresses, physical addresses and any other information that correlates to a person, software source code, customer personal contact information, customer email addresses, etc.; or
ii. “Personal Data”: data or information that makes a natural person identified or identifiable or is a numerical, physical, physiological, cultural, economic, mental or other factor of identity relating to an identified or identifiable person.
eBay Data specifically excludes data classified by eBay as “Restricted Data,” which includes highly sensitive or regulated information that is intended only for a limited audience within eBay or whose release would likely have a material adverse financial or reputational effect on eBay or any Data Subject. Examples include but are not limited to: (i) Government issued identification numbers for specific countries (e.g., USA Social Security number; Germany Shufa ID, Canada Social Insurance number, driver’s license number; state identification number); (ii) Bank account numbers and related bank wire transfer financial information; and (iii) customer date of birth.
You agree that you will not attempt to access, receive, transmit, process or store any “Restricted Data”
g. “Processing” or “Processes” means any operation or set of operations which is performed upon eBay Personal Data, whether by automatic means or not, including but not limited to collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
h. “Security Breach” means a compromise of the systems in which eBay Data has been accessed or acquired by one or more unauthorized parties, or you or eBay reasonably suspects that such a breach of security may have occurred, or any act that violates any Applicable Law. For the avoidance of doubt, “a compromise of the systems” includes, but is not limited to: misuse, loss, destruction, unauthorized access, collection, retention, storage, or transfer.
i. “Sub-Processor” means any of your Affiliates, agents or assigns that Processes eBay Personal Data subject to the Terms, and any unaffiliated Data Processor engaged by you or by your Affiliates.
3. REASONABLE SECURITY:
Service Provider represents, warrants, and agrees to use Security Measures (as defined below) (i) to ensure the protection of the rights and freedoms of the Data Subjects in accordance with Applicable Laws and Regulations, in particular with Art. 32 of the Regulation 2016/679/EU, (ii) to ensure the security of eBay Data from any unauthorized access, (iii) to protect the availability, confidentiality, and integrity of any eBay Data collected, accessed, used, or transmitted by Service Provider in connection with this Agreement (including but not limited to appropriate data protection and disaster recovery) and (iv) to protect and secure any and all hosts, networks, applications, and physical premises used in any way to perform Service Provider’s responsibilities under this Agreement. Service Provider agrees that “Security Measures” shall mean commercially reasonable security-related policies, standards, and practices commensurate with the size and complexity of Service Provider’s business, the level of sensitivity of the data collected, handled and stored, and the nature of Service Provider’s business activities, provided that all such policies, standards, and practices shall, at a minimum, comply with any Applicable Laws and Regulations and shall give due consideration to information security management systems, physical security, physical access control, access control to systems, access control to data, disclosure control, input control, security and privacy enhancing technologies, awareness, training and security checks in relation to Service Provider Personnel (job control), availability control, segregation control, incident response management/business continuity and audit controls/due diligence. Service Provider further represents, warrants and agrees to (v) implement industry standard security controls to detect malware on any ads served by Service Provider or its partners to a person and take appropriate actions to remove identified malware in a timely manner. Service Provider shall provide a detailed description of the Security Measures in Appendix 2.
4. Logical Security:
a. Access Controls. You certify that you employ access control mechanisms that:
i. prevent unauthorized access to eBay Data; ii. limit access to your personnel with a business need to know;
ii. follow the principle of least privilege allowing access to only the information and resources that are necessary under the Terms; and
b. Regular Review of Access Controls. You will maintain a process to review access controls on a minimum annual basis for all of your systems that contain eBay Data, including any system that, via any form of communication interface, can connect to the system on which eBay Data is stored. You will maintain the same processes of review and validation for any third party hosted systems you use that contain eBay Data.
c. Malicious Code Protection. All workstations and servers will run the current version of industry standard anti-virus software with the most recent updates available on each workstation or server. Virus definitions must be updated within twenty-four (24) hours of release by the anti-virus software vendor.
5. Security Vulnerability Management:
a. Vulnerability Management and Application Security Assessments. Service Provider must run internal and external network vulnerability scans at least annually and after any material change in the network configuration (e.g., new system component installations, changes in network topology, firewall rule modifications, or product upgrades). Vulnerabilities identified and rated as high risk by the Service Provider will be remediated within ninety (90) days of discovery.
b. For all Internet-facing applications that collect, transmit or display eBay Data, Service Provider agrees to conduct an application security assessment review to identify common security vulnerabilities as identified by industry-recognized organizations (e.g., OWASP Top 10 Vulnerabilities; CWE/SANS Top 25 vulnerabilities) annually or for all major releases, whichever occurs first. At a minimum, it will cover the OWASP Top 10 vulnerabilities (https://www.owasp.org).
c. Patch Management. You will patch all workstations and servers with all current operating system, database and application patches deployed in your computing environment according to a schedule predicated on the criticality of the patch. You must perform appropriate steps to help ensure patches do not compromise the security of the information resources being patched. All emergency or critical rated patches must be applied as soon as possible but at no time will exceed thirty (30) days from the date of release.
6. eBay Security Assessments and Audits:
Service Provider shall, upon reasonable notice, allow its data processing procedures and documentation to be inspected by eBay (or its designee) in order to ascertain compliance with this DPRA or any agreements between eBay and Service Provider. Service Provider shall fully cooperate with audit requests by providing access to relevant knowledgeable Personnel and documentation.
7. Security Breach:
Service Provider will maintain an industry standard incident response function capable of identifying, mitigating the effects of, and preventing the recurrence of Incidents. Upon discovering or otherwise becoming aware of an Incident that may put eBay Data at risk (“Breach”), Service Provider shall take commercially reasonable measures to mitigate the harmful effects of the Incident. Service Provider shall also notify eBay of the Breach as soon as practicable, but in no event later than 24 hours after the Breach and in any case before notifying any relevant authority. Notice to eBay shall be written to CSIRT@eBay.com. Service Provider must ensure that affected third parties are notified of the Breach, at eBay’s sole discretion, either by notifying such third parties after eBay has reviewed and approved the language and method of notice, or by enabling eBay to notify such third parties itself. Service Provider agrees to cover the costs of any such notification, including reimbursing eBay for any reasonable costs such as to provide credit monitoring to affected Data Subjects. For the avoidance of doubt, eBay controls the means and timing of any such notification.
8. DATA RETENTION AND DELETION:
To the extent permitted by law, Service Provider will only retain eBay Data for as long as services are provided to eBay in accordance with its Processing Instructions. Service Provider agrees to dispose of eBay Data using a method that prevents any recovery of the data in accordance with industry best practices when it is no longer required for the purpose of the Agreement, upon termination of the Agreement or at any time upon written request from eBay, whichever occurs earlier. Service Provider agrees to provide eBay with a written confirmation regarding the deletion of data upon request.
9. DATA OWNERSHIP:
eBay retains all ownership rights in eBay Data. eBay does not in any way assign, transfer, or convey title of eBay Data to Service Provider. For the avoidance of doubt, Service Provider acknowledges and agrees that it has no ownership of, or right to use, sell, rent, lease, copy, access, combine, reproduce, display, perform, modify, transfer, or disclose eBay Data, or any derivative works thereof, except as expressly provided in eBay’s Processing Instructions. eBay grants to Service Provider a non-exclusive, non-transferable, non-sublicensable right and license to access, use, copy, display, combine, reproduce, perform, modify, transfer and disclose eBay Data and content during the duration of the Agreement for the limited purposes of providing the Services to eBay pursuant to its Processing Instructions; provided that, Service Provider may delegate its duties and obligations, and the license granted in this sentence, to its Sub-processors in compliance with this Addendum for the limited purposes of providing the Services to eBay pursuant to its Processing Instructions. eBay represents and warrants that it has the necessary rights and licenses to share the Personal Data with Service Provider so that Service Provider and its Sub-Processors may lawfully use, process and transfer the Personal Data in accordance with this DPRA and the Agreement. Further, eBay acknowledges and agrees that normal operation and use of the Services will permit eBay’s Authorized Personnel to access, use, copy, display, combine, reproduce, perform, modify, transfer and disclose eBay Data and content.
Your obligations and eBay’s rights under this DPRA shall become effective on the Effective Date of the Terms and will continue in effect so long as you possess eBay Data.
If and to the extent language in this DPRA conflicts with the Terms, this DPRA shall control.
12. Processing of Personal Data:
The following additional terms shall apply to the Processing of Personal Data by you:
a. Processing Instructions: You shall Process Personal Data only to deliver services in accordance with the Terms and/or eBay’s written instructions. For the avoidance of doubt, eBay’s written instructions for the Processing of Personal Data shall comply with Applicable Law. In the event you reasonably believe there is a conflict amongst Applicable Law or that eBay’s instructions conflict with any Applicable Law, you will inform eBay immediately and shall cooperate in good faith to resolve the conflict and achieve the goals of such instruction.
b. Use of Sub-Processors:
i. Contractual Privity. Your obligations under this DPRA shall apply to Sub-Processors. You are authorized to use Sub-Processors, provided that you represent and warrant that any approved SubProcessor is contractually bound to meet all data protection obligations required by the Terms, eBay’s Processing instructions, and by Applicable Law. Proof of these contractual obligations, in which commercially sensitive terms may be redacted, shall be provided to eBay promptly upon request. In the event that eBay reasonably believes a Sub-Processor Processes eBay Personal Data without having entered into a contractual agreement with you containing data protection obligations required by the Terms, eBay’s Processing instructions or by Applicable Law, eBay will promptly inform you and you shall cooperate in good faith to resolve the conflict and achieve the goals of such instruction.
ii. List Maintenance. You shall maintain a list of all Sub-Processors you have engaged to Process eBay Personal Data. Where required by law, you shall (i) inform eBay of any intended changes concerning the addition or replacement of Sub-Processors with access to eBay Personal Data and give eBay the opportunity to object to such changes, and (ii) obtain the prior written consent of eBay before entering into any such agreement (unless expressly waived in a written agreement).
iii. Organizational, Technical, and Physical Safeguards. You must restrict through organizational, technical, and physical safeguards the Sub-Processor’s access to eBay Personal Data to that which is only strictly necessary to perform its subcontracted Processing services to you (which shall be consistent with the Processing Instructions issued to you by eBay). Additionally, you will prohibit through organizational, technical and physical safeguards the Sub-Processor from Processing eBay Personal Data for any other purpose. Sub-Processors must similarly implement appropriate organizational, technical and physical measures to ensure that the Processing of eBay Data occurs in strict accordance with the Terms, eBay’s Processing instructions and Applicable Law and Regulations.
iv. Sub-Processor Liability. You shall remain liable for any act or omission of a Sub-Processor that does not comply with the Terms, any Processing instructions or the requirements of Applicable Law.
14.3 Transfer of Personal Data: You shall not cause or permit any Personal Data to be transferred across borders in breach of Applicable Law. Cross-border transfers of Personal Data subject to legal restrictions by Applicable Law shall require eBay’s prior written consent. For the avoidance of doubt, this transfer restriction does not pertain to eBay personnel access to Personal Data.
14.4 Limitation on Disclosure of Personal Data: To the extent legally permitted, you shall immediately notify eBay in writing upon receipt of an order, demand, or document purporting to request, demand or compel the production of Personal Data to any third party. You shall not disclose Personal Data to the third party without providing eBay at least forty-eight (48) hours’ notice, so that eBay may, at its own expense, exercise such rights as it may have under Applicable Law to prevent or limit such disclosure. Notwithstanding the foregoing, you will exercise commercially reasonable efforts to prevent and limit any such disclosure and to otherwise preserve the confidentiality of Personal Data; additionally, you will cooperate with eBay with respect to any action taken pursuant to such order, demand, or other document request, including to obtain an appropriate protective order or other reliable assurance that confidential treatment will be accorded to Personal Data.
14.5 Compliance with Applicable Law: You shall Process Personal Data in accordance with Applicable Law. You represent and warrant that you will maintain privacy policies sufficient to protect the Personal Data and compliant with the Applicable Law.
14.6 Liability and Indemnification: You shall be liable for any of your acts and/or omissions relating to the obligations in this DPRA that result in a Security Breach of eBay’s Personal Data. You shall indemnify, defend and hold eBay harmless from and against all liabilities, costs, damages, claims and expenses relating to Security Breaches that arise from or in connection with your breach of your obligations stated in this DPRA.
14. 7 Personal Data transmitted to eBay: Prior to sharing any Personal Data with eBay, you shall ensure that Data Subjects are appropriately notified of and have consented to eBay’s privacy practices. You warrant that you have a legitimate basis and adequate title to collect and share Personal Data with eBay.
This Privacy Notice describes how eBay Partner Network, Inc. (“EPN”) collects, uses, discloses, retains, and protects your personal information. It applies to any EPN site where this Privacy Notice appears in the footer, and to any EPN application, service, or tool (collectively “Services”) where this Privacy Notice is referenced, regardless of how you access or use them, including through mobile devices.
You are contracting with eBay Partner Network, Inc. The company you are contracting with is your data controller, and is responsible for the collection, use, disclosure, retention and protection of your personal information in accordance with our global privacy standards as well as any applicable national laws. Your data controller may transfer data to other members of the eBay Inc. corporate family as described in this Privacy Notice. We may process and retain your personal information on our servers in the U.S. and elsewhere in the world where our data centers are located.
We may change this notice from time to time, and we will post the amended terms at https://partnernetwork.ebay.com/legal and notify you by email of major changes. Amended terms will take effect immediately for new users, and 5 days after they are posted for existing users.
What is Personal Information?
Personal Information is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We do not consider personal information to include information that has been anonymized or aggregated so that it can no longer be used to identify a specific natural person, whether in combination with other information or otherwise.
We collect personal information from you when you use our Services.
We collect personal information from you and any devices (including mobile devices) you use when you: use our Services, register for an account with us, provide us information on a web form, update or add information to your account, participate in a community board discussion chat, or when you otherwise correspond with us.
Some of this personal information, such as a way to identify you, is necessary to enter into our User Agreement. The provision of all other personal information is voluntary, but may be necessary in order to use our Services, such as the bidding, buying or selling information needed to conclude a transaction.
We may also collect personal information from other sources, as described below.
Personal information you give us when you use our Services or register for an account with us
Identifying information such as your name, addresses, telephone numbers or email addresses when you register for an account with us.
Bidding, buying, or selling information you provide during a transaction, or other transaction-based content that you generate or that is connected to your account as a result of a transaction you are involved in.
Other content that you generate, or that is connected to your account (such as adding items to your basket, adding items to your Watch List, creating collections, and following other collections and sellers).
Financial information (such as credit card or bank account numbers) in connection with a transaction.
Postage, billing and other information used to purchase or send an item, as well as, where postal services are provided through one of our programs, information required to clear customs (such as Tax ID or other identification numbers) and relevant postage information (such as tracking numbers and tracking updates).
In some instances, when you use our Services, you may provide age, gender, interests and favorites.
You may also provide us other information through a web form, by updating or adding information to your account, through your participation in community discussions, member-to-member communications, chats, dispute resolution, or when you otherwise communicate with us regarding our Services.
Additional information we are required or authorized by applicable national laws to collect and process in order to authenticate or identify you or to verify the information we have collected.
Personal information we collect automatically when you use our Services or register for an account with us
We collect information about your interaction with our Services, your advertising preferences, and your communications with us. This is information we receive from devices (including mobile devices) you use when you access our Services. This information could include the following: Device ID or unique identifier, device type, ID for advertising, and unique device token.
Location information, including location information from your mobile device. Keep in mind that most mobile devices allow you to control or disable the use of location services by any application on your mobile device in the device's settings menu.
Computer and connection information such as statistics on your page views, traffic to and from the sites, referral URL, ad data, your IP address, your browsing history, and your web log information.
Personal information we collect using cookies and similar technologies
For more information about our use of these technologies, and how to control them, see Cookies and Similar Technologies.
Personal information collected from other sources
We supplement the personal information we collect directly with information collected from third parties and add it to your account information. For example, we collect and use demographic and other information that is publically available in an applicable jurisdiction, additional contact information, credit check information, and information from credit bureaus, as allowed by applicable national laws
Social Media. We allow you to share information with social media sites, or use social media sites to create your account or to connect your account with the respective social media site. Those social media sites may give us automatic access to certain personal information retained by them about you (e.g., content viewed by you, content liked by you, and information about the advertisements you have been shown or have clicked on, etc.). If you provide us with access to any site with video content, then you agree that we can share your video viewing with, or obtain information about your video viewing from, third-party social media sites for at least two years or until you withdraw authorization or connection to the social media site. You control the personal information you allow us to have access to through the privacy settings on the applicable social media site and the permissions you give us when you grant us access to the personal information retained by the respective social media site about you. By associating an account managed by a social media site with your account and authorizing us to have access to this information, you agree that we can collect, use and retain the information provided by these social media sites in accordance with this privacy notice. We may also use plug-ins or other technologies from various social media sites. If you click on a link provided via a social media plug in, you are voluntarily establishing a connection with that respective social media site.
If you give us personal information about someone else, you must do so only with that person’s authorization. You should inform them how we collect, use, disclose, and retain their personal information according to our privacy notice.
We use your personal information to provide and improve our Services, provide you with a personalized experience on our sites, contact you about your account and our Services, provide you customer service, provide you with personalized advertising and marketing, and to detect, prevent, mitigate and investigate fraudulent or illegal activities.
We use the personal information we collect from you for a range of different business purposes and according to different legal bases of processing. The following is a summary of how and according to which legal bases we use your personal information.
We use your personal information to fulfill a contract with you and provide you with our Services, to comply with our legal obligation, protect your vital interest, or as may be required for the public good. This includes:
To provide payment processing and account management, operate, measure and improve our Services, keep our Services safe, secure and operational, and customize site content that includes items and services that you may like in response to actions that you take.
To run the eBay Partner Network and its Programs, as described in the EPN Network Agreement (including, for example, providing tracking and reporting, and compensating you for your participation) and providing you with information and services you request.
To contact you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed or as otherwise necessary to provide you customer service.
When contacting you for such purposes as outlined above, we may contact you via email, telephone, SMS/text messages, postal mail, and via mobile push notifications.
When contacting you via telephone, to ensure efficiency, we may use autodialed or pre-recorded calls and text messages as described in our User Agreement and as authorized by applicable law. Message and data rates may apply.
To provide other services requested by you as described when we collect the information.
We use general location information to provide you with location based services (such as advertising, search results, and other personalized content).
To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities.
To enforce our User Agreement, this privacy notice, or other policies, and to monitor restrictions on offers to buy or sell outside of eBay and member-to-member communications for violations of our policies or applicable laws.
We use your personal information to pursue our legitimate interests where your rights and freedoms do not outweigh these interests. We have implemented controls to balance our interests with your rights. This includes to:
Improve our Services, for example by reviewing information associated with stalled or crashed pages experienced by users allowing us to identify and fix problems and give you a better experience.
Personalize, measure, and improve our advertising based on your advertising customization preferences.
Contact you via email or postal mail in order to offer you coupons, discounts and special promotions, poll your opinions through surveys or questionnaires and inform you about our Services, as authorized by applicable law.
Contact you about public policy matters, or other current events, related to your ability to use our Services. This could include an invitation to join a petition, letter writing, call or other sort of public policy related campaigns.
Deliver targeted marketing, service updates, and promotional offers based on your communication preferences.
Measure the performance of our email marketing campaigns (e.g. by analyzing open and click rates).
Measure sellers' performance (e.g. by using shipment tracking information that sellers and shipping providers send or provide through eBay).
Monitor and improve the information security of our site and mobile applications.
With your consent, we may use your personal information to:
Provide you with marketing via telephone calls, email, SMS or text.
Provide you with marketing from other eBay Inc. corporate family members.
Provide you with marketing from third parties.
Customize third party advertising you might see on third party websites.
Use your precise geo-location to provide location based services.
Use your sensitive personal information to facilitate transactions in certain categories.
You have the right to withdraw your consent at any time.
We may use technologies considered automated decision making or profiling. We will not make automated-decisions about you that would significantly affect you, unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are required by law to use such technology.
You have choices about how we use your personal information to communicate with you, to send you marketing information, how we provide you with customized and relevant advertising, and whether you want to stay signed into your account.
You can control your email communication preferences in the Communication Preference section within your My eBay. There, you can also control your member-to-member communications preferences setting and choose which newsletters and promotions you want to receive.
If you do not wish to receive marketing communications from us, you can unsubscribe via the link in an email you received, change your Communication Preferences within My eBay, indicate your communication preferences using the method described within the direct communication from us or contact us as described in the Contact Us section below. Keep in mind, we do not sell, rent, or otherwise disclose your personal information to third parties for their marketing purposes without your consent.
If you do not wish to participate in our advertising personalization programs, you can opt-out by following the directions provided within the applicable advertisement, or through the programs described in our User Cookie Notice. The effect of an opt-out will be to stop personalized advertising, but it will still allow the collection of personal information as otherwise described in this privacy notice. We do not allow third parties to track or collect your personal information on our sites for their own advertising purposes, without your consent.
Staying Signed in
When you sign in to your account on our Services, we give you the option to stay signed in to your account for certain amount of time. If you are using a public or shared computer, we encourage you not to choose to stay signed in. You or any other user of the computer/browser you signed in on will be able to view and access most parts of your account and take certain specific actions during this signed in period without any further authorization. The specific actions and account activities that you or any other user of this computer/browser may take include:
Bid, buy or make an offer on an item
Check out or add items to your cart
Purchase an item with PayPal using Faster Checkout (if enabled in your account)
View the activity header
View the My eBay page
View or edit the Watch List or order details
View the profile page
Send member-to-member messages
Conduct after-sale activities, like leaving Feedback, canceling orders, requesting returns or submitting claims
If you attempt to change your password, User ID, update any other account information or attempt other account activity beyond those listed above, you may be required to enter your password.
You can typically end your signed in session by either signing out and/or clearing your cookies. If you have certain browser privacy settings enabled, simply closing your browser may also end your signed in session. If you are using a public or shared computer, you should sign out and/or clear your cookies when you are done using our Services to protect your account and your personal information.
We respect your right to access, correct, request deletion or request restriction of our usage of your personal information as required by applicable law. We also take steps to ensure that the personal information we collect is accurate and up to date.
You have the right to know what personal information we maintain about you
We will provide you with a copy of your personal information in a structured, commonly used and machine readable format on request
If your personal information is incorrect or incomplete, you have the right to ask us to update it
You have the right to object to our processing of your personal information
You can also ask us to delete or restrict how we use your personal information, but this right is determined by applicable law and may impact your access to some of our Services
Access, correction, and deletion of your personal information
You can see, review and change most of your personal information by signing in to your account. Please, update your personal information immediately if it changes or is inaccurate. Keep in mind, once you make a public posting, you may not be able to change or remove it.
We will honor any statutory right you might have to access, modify or erase your personal information. To request access and to find out whether any fees may apply, if permitted by applicable national laws, please contact us following the instructions in the Contact Us section below. Where you have a statutory right to request access or request the modification or erasure of your personal information, we can still withhold that access or decline to modify or erase your personal information in some cases in accordance with applicable national laws.
If you request that we stop processing some or all of your personal information or you withdraw (where applicable) your consent for our use or disclosure of your personal information for purposes set out in this privacy notice, we might not be able to provide you all of the Services and customer support offered to our users and authorized under this privacy notice and our User Agreement.
Upon your request, we will close your account and remove your personal information from view as soon as reasonably possible, based on your account activity and in accordance with applicable national laws.
We may disclose your personal information to other members of the eBay Inc. corporate family or to third parties. This disclosure may be required for us to provide you access to our Services, to comply with our legal obligations, to enforce our User Agreement, to facilitate our marketing and advertising activities, or to prevent, detect, mitigate, and investigate fraudulent or illegal activities related to our Services. We attempt to minimize the amount of personal information we disclose to what is directly relevant and necessary to accomplish the specified purpose. We do not sell, rent, or otherwise disclose your personal information to third parties for their marketing and advertising purposes without your consent.
We may disclose your personal information to the following parties for the following purposes:
eBay Inc. corporate family members, who may use it to:
Provide joint content and services (like registration, transactions, and customer support)
Help detect, investigate, mitigate and prevent potentially fraudulent and illegal acts, violations of our User Agreement, and data security breaches
Provide you personalized advertising
Improve their products, sites, applications, services, tools, and marketing communications.
Members of our eBay Inc. corporate family will use your personal information to send you marketing communications only if you have consented to receive such communications from them or if otherwise permitted by the law.
Service Providers and financial institutions partners as follows:
Third party service providers who help us to provide our Services, payment processing services, assist us in providing customize advertising, to assist us with the prevention, detection, mitigation, and investigation of potentially illegal acts, violations of our User Agreement, fraud and/or security breaches, bill collection, affiliate and rewards programs, co-branded credit cards and other business operations.
Third party financial institutions with whom we partner to offer financial products to you, for them to provide joint content and services (such as, registration, transactions and customer support). These third party financial institution partners will use your personal information to send you marketing communications only if you have requested their services.
Third party shipping providers (e.g., DHL, UPS, USPS, etc.) with whom we share delivery address, contact information and shipment tracking information for the purposes of facilitating the delivery of items purchased and other delivery related communications.
Third party providers of websites, applications, services and tools that we cooperate with so that they can publish or advertise your listings and their content on their websites or in their applications, services and tools. If we transfer personal information along with the content of your listings to third party providers, this will be solely on the basis of an agreement limiting use by the third party provider of such personal information to processing necessary to fulfil their contract with us and obligating the third party provider to take security measures with regard to such data. Third party providers are not permitted to sell, lease or in any other way transfer the personal information included in your listings to third parties.
Law enforcement, legal proceedings, and as authorized by law
To comply with our legal requirements, enforce our User Agreement, respond to claims that a listing or other content violates the rights of others, or protect anyone's rights, property or safety.
To law enforcement or governmental agencies, or authorized third-parties, in response to a verified request or legal process relating to a criminal investigation or alleged or suspected illegal activity or any other activity that exposes us, you, or any other of our users to legal liability. We will only disclose information we deem relevant to the investigation or inquiry, such as name, city, state, postcode, telephone number, email address, User ID history, IP address, fraud complaints, bidding and listing history.
To participants of the eBay VeRO Program globally under confidentiality agreement, as we in our sole discretion deem necessary or appropriate in connection with an investigation of fraud, intellectual property infringement, piracy, or other unlawful activity. In such events, we will disclose seller’s name, street address, city, state, postcode, country, phone number, email address and company name to the participants of the eBay VeRO Program.
To credit agencies or bureaus as authorized by applicable national laws (e.g. information on late or missed payments or other defaults on your account that may be reflected in your credit report or file).
To third parties involved in a legal proceeding, if they provide us with a subpoena, court order or substantially similar legal basis, or we otherwise believe in good faith that the disclosure of information is necessary to prevent imminent physical harm or financial loss or to report suspected illegal activity.
Other eBay users as authorized by you or your use of our Services
When transacting with another user, the other user may request that we provide him/her with information about you necessary to complete the transaction, such as your name, account ID, email address, contact details, shipping and billing address, or other information from you needed to promote the reliability and security of the transaction.
If a transaction fails, is put on hold, or is later invalidated, we may also provide the other user with details of the unsuccessful transaction
The other user receiving your information should only use it for purposes related to the transaction. Unless you have consented to receive marketing from them, they should not contact you for marketing purposes.
Contacting users with unwanted or threatening messages is a violation of our User Agreement.
We may disclose your personal information to PayPal Inc. and its corporate family
To prevent, detect, mitigate, and investigate potentially illegal acts, fraud and/or security breaches, and to assess and manage risk, including to alert you if fraudulent activities have been detected on your eBay or PayPal accounts
To provide customer services, including to help service your account or resolve disputes (e.g., billing or transactional disputes)
To facilitate the processing of payment cards when you pay within our Services with a payment card and we use PayPal to process your payment
To facilitate shipping and related services for purchases you made using PayPal
Change of Ownership
If we are subject to a merger or acquisition with/by another company, we may share information with them in accordance with our global privacy standards. Should such an event occur, we will require that the new combined entity follow this privacy notice with respect to your personal information. If we intend to handle your personal information for any purposes not covered in this privacy notice, you will receive prior notification of the processing of your personal information for the new purposes.
We retain your personal information for as long as necessary to provide the Services you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our policies.
Our specific retention times for personal information are documented in our regional records retention schedules. How long we retain personal information can vary significantly based on context of the Services we provide and on our legal obligations. The following factors typically influence retention periods:
How long is the personal information needed to provide our Services? This includes such things as maintaining and improving the performance of our products, keeping our systems secure, and maintaining appropriate business and financial records. This is the general rule that establishes the baseline for most of our data retention periods.
Is the personal information sensitive? If so, a shortened retention time is generally appropriate.
Have you provided consent for a longer retention period? If so, we will retain data in accordance with your consent.
Are we subject to a legal, contractual, or similar obligation to retain your personal information? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or personal information retained for the purposes of litigation.
After it is no longer necessary for us to retain your personal information, we will dispose of it in a secure manner according to our data retention and deletion policies.
We protect your personal information using technical and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centers, and information access authorization controls. For more information about staying safe while buying and selling online, or to report an issue with your account please visit our Security Center.
We have established a set of global privacy standards for all eBay Inc. companies known as our Binding Corporate Rules (BCRs). They are our commitment to protect your personal information and honor our privacy obligations within our eBay Inc. corporate family. More information about our BCRs and our global privacy standards is available at our eBay Privacy Center.
Data Controllers and Data Protection Officers
Data Controllers and Data Protection Officers
If you reside in the United States, you are contracting with eBay Inc., 2025 Hamilton Avenue, San Jose, CA 95125, USA and, if you use our payments services, also with eBay Commerce Inc., 2025 Hamilton Avenue, San Jose, CA 95125, USA, for such payments services.
If you reside outside of the United States, you are contracting with one of our international eBay companies, as follows:
If you reside in Canada you are contracting with eBay Canada Limited, 500 King Street West, Suite 200, Toronto, ON M5V 1L9, Canada;
If you reside in a country within the European Union (except the United Kingdom) you are contracting with eBay GmbH, Albert-Einstein-Ring 2-6, 14532 Kleinmachnow, Germany;
If you reside in the United Kingdom you are contracting with eBay (UK) Limited, 5 New Street Square, London, EC4A 3TW, United Kingdom;
If you reside in any other country, you are contracting with eBay Marketplaces GmbH, Helvetiastrasse 15/17, 3005 Bern, Switzerland.
If you use our eBay Customer Guarantee services and reside in France, Italy or Spain, you are also contracting with eBay Services S.à r.l, 22-24 Boulevard Royal, 2449 Luxembourg for such specific services.
The company you are contracting with is your data controller, and is responsible for the collection, use, disclosure, retention and protection of your personal information in accordance with our global privacy standards, this privacy notice, as well as any applicable national laws.
Your data controller may transfer data to other members of the eBay Inc. corporate family who have signed our BCRs, as described in this privacy notice.
We may process and retain your personal information on our servers in the U.S. and elsewhere in the world where our data centers are located.
Where we have a legal obligation to do so, we have appointed data protection officers (DPOs) to be responsible for the privacy program at each of the respective data controllers.
Other important privacy information
This section describes some additional privacy information related to your use of our Services that you may find important.
When you share your personal information on our sites or applications – what happens?
Other users have access to the information you share on eBay. For example, other users can see your bids, purchases, items for sale, your collections, the sellers and collections you follow, storefronts, feedback, ratings, product reviews and associated comments. Other users can also see any information you chose to share in your profile or your collections.
When you use our Services, your public user ID may be displayed and available to the public and associated with all of your public eBay activity. Notices sent to other users about suspicious activity and notice violations on our sites may refer to your public user ID and specific items. If you associate your name with your user ID, the people to whom you have revealed your name may then be able to identify your eBay activities.
To help protect your privacy, we allow only limited access to other users' contact, shipping and financial information as necessary to facilitate your transactions and collect payments. However, when users are involved in a transaction, they have access to each other's name, user ID, email address and other contact and shipping information.
Your responsibilities over transactional information you receive through eBay
When you transact with another user, we enable you to obtain or we may provide you with the personal information of the other user (such as their name, account ID, email address, contact details, shipping and billing address) to complete the transaction. Independent from us, you are the controller of such data and we encourage you to inform the other user about your privacy practices and respect their privacy. In all cases, you must comply with the applicable privacy laws, and must give the other user a chance to remove them from your database and them a chance to review what information you have collected about them.
You may use the personal information that you have access to only for eBay transaction-related purposes, or for other services offered through eBay (such as escrow, shipping, fraud complaints, and member-to-member communications), and for purposes expressly consented by the user to whom the information relates. Using personal information of other users that you have access to for any other purpose constitutes a violation of our User Agreement.
Unwanted or threatening email
We do not tolerate abuse of our Services. You do not have permission to add other users to your mailing list (email or postal), call, or send him/her text messages for commercial purposes, even if this user purchased something from you, unless the user has given his/her explicit consent. Sending unwanted or threatening email and text messages is against our User Agreement. To report eBay-related spam or spoof emails please forward the email to firstname.lastname@example.org or email@example.com.
We may scan messages automatically and check for spam, viruses, phishing and other malicious activity, illegal or prohibited content or violations of our User Agreement, this privacy notice or our other policies.
Our websites are general audience websites and not intended for children. We do not knowingly collect personal information from users deemed to be children under their respective national laws.
Third Party Privacy Practices
This privacy notice addresses only our use and handling of personal information we collect from you in connection with providing you our Services. If you disclose your information to a third party, or visit a third party website via a link from our Services, their privacy notices and practices will apply to any personal information you provide to them or they collect from you.
We cannot guarantee the privacy or security of your personal information once you provide it to a third party and we encourage you to evaluate the privacy and security policies of your trading partner before entering into a transaction and choosing to share your personal information. This is true even where the third parties to whom you disclose personal information are bidders, buyers or sellers on our site.
If you have a question or a complaint about this privacy notice, our global privacy standards, or our information handling practices, you can reach the Global Privacy Office in writing at: eBay Inc, Attn: Legal - Global Privacy Office, 2065 Hamilton Avenue, San Jose, California 95125, USA.
You can find more information on how to contact us and our data protection officers at our eBay Privacy Center
Your right to file complaints with a data protection supervisory authority remains unaffected.
Program Details at eBay
Advertiser: eBay Inc.
Participating Sites and Content*:
Participating Site and Content
*EPN may, in its sole discretion, add or remove countries and websites from this list of Participating Sites and Content.
Program Description: Directing end users to Participating Sites and Content in exchange for a percentage of GMB OR participating in eBay’s Buy API Program in exchange for a percentage of GMB associated with an end user’s purchase of products or services through your implementation of eBay’s Buy API Program.
Please note there may be exceptions to the rate card above for certain partners based on business model or other special circumstances.
Payment Structure for Qualifying Transactions:
A Qualifying Transaction occurs when (1) an end user makes a purchase on a participating Affiliate website within 24 hours after clicking your Promotional Content for a “Buy It Now” item, (2) an end user places a bid on an auction within 24 hours after clicking your Promotional Content and wins such auction within 10 days for an “Auction” item, or (3) an end user makes a purchase through eBay’s API on a digital property that is owned and operated by you and that complies with all other terms and conditions of your agreement for participation in eBay’s Buy API Program. For any Qualifying Transactions, you receive a percentage of the GMB for that purchase, based on the category-level commission rates shown below. Note that there are certain items and categories for which eBay Inc. earns low or no revenue; in such cases, you will therefore earn low or no revenue share. These items and categories may include, but are not limited to gift cards, items sold by charities, and special promotional deals. You will only be paid once for each Qualifying Transaction; no duplicate payments will be made under eBay’s Buy API Program.