Skip to main content

  • Important: Due to EU & UK Payments regulatory requirements, an additional security verification via Digital Signatures is required for certain API calls that are made by EU/UK sellers. Please refer to Digital Signatures for APIs to learn more on the impacted APIs and the process to create signature to be included in the HTTP payload.

  • OpenAPI Specification - Version 2.0 for all of our RESTful APIs will no longer be available starting April 5, 2023. We will continue leveraging OpenAPI Specification - Version 3.0 for new features in our RESTful APIs.

EBAY DEVELOPERS PROGRAM

TERMS OF USE AND API LICENSE AGREEMENT

Thank you for your interest in the eBay Developers Program (the “Program”). Through the Program, eBay offers various tools, content, and services (the “Developer Tools”), including certain eBay Application Programming Interfaces (“APIs”), to manage and facilitate the development of applications that use content from and interact with  eBay-branded marketplaces around the world.

The Program and access to the Developer Tools are provided solely for the purpose of promoting and facilitating access to and use of eBay Services (defined below). If eBay believes you or Your Users are using the Developer Tools in any way that undermines eBay’s business interests, eBay may, at its sole discretion, terminate these Terms, suspend your license to use the APIs, discontinue your participation in the Program, terminate your access to the Developer Tools, and/or reduce your access to all or some APIs. These Terms of Use and API License Agreement (“Terms”) govern your participation in the Program, including your license to use the APIs and take effect as of the earlier of (a) the date you signify your agreement or (b) the date that you first access any Developer Tools or eBay Content (defined below) (the “Effective Date”), These Terms and the Developer Tools will change over time, so please check the eBay Developers Program site periodically to see the latest updates.

You are contracting with an eBay company (individually and collectively referred to as "eBay," "we," or "us") determined by your country of residence. For example and as listed in the chart of eBay companies linked above, if you reside in the United States, you are contracting with eBay Inc.

You represent and warrant that you are authorized to act on behalf of, and have the authority to bind, the party being issued an Application Key (defined below) to these Terms. You and the party being issued an Application Key are collectively referred to as “you” or “your” in these Terms.

  1. DEFINITIONS

    Application Key(s)” means the confidential security keys eBay provides to you for your use of the API, including the developer ID, certificate ID, and application ID.

    Application” means the software application, website or other interface that you develop, own or operate to interact with the API.

    Authorized Use” has the meaning defined in Section 3.1.

    eBay Content” means all of the information, data, content, images, and other material stored by and retrieved from eBay. eBay Content does not include information that you obtain independent of eBay.

    eBay Services” means eBay Sites, including any eBay Content therein, and all other services, applications and tools eBay offers to eBay Users.

    eBay Site(s)” means any one or all of the following: ebay.com and all international versions thereof that are owned, operated, and controlled by eBay Inc. or its subsidiaries (for example, ebay.de, ebay.co.uk, ebay.com.au, etc.).

    eBay User” means any person who accesses any eBay Service, directly or through the Developer Tools.

    eBay User Agreement” means the terms and policies on which eBay offers eBay Services to eBay Users, currently available through a link on the homepage of each eBay Site (for example, the ebay.com User Agreement).

    Your Users” means end-users of your Application and anyone who sublicenses your Application.

    Personal Information” means any information that directly or indirectly identifies an eBay User that you obtain through your participation in the Program and your use of the Developer Tools,    including information that you collect directly from Your Users in connection with your Application, information that is included in eBay Content, or information that you otherwise receive from eBay about Your Users or other eBay Users and their trading activities.

  2. DEVELOPERS PROGRAM CONDITIONS
    1. Participation in the Program. You may participate in the Program and use the Developer Tools to create and use Applications that access and/or interact with eBay Services consistent with the Authorized Use and these Terms. You agree that you are solely responsible for the Applications that you develop. You agree to provide and maintain accurate contact information and you will inform us promptly of any updates to your contact information.
    2. Application Guidelines. Applications that you develop, display or distribute that interact with the API must comply with eBay’s Compatible Application Check requirements, incorporated herein by reference.
    3. Additional Certifications. Access to certain APIs, eBay Content and increased API call limits may require special certifications. You may be responsible for any costs associated with such certifications, as well as any modifications necessary for your Application to meet certification criteria.
  3. LICENSE FOR DEVELOPER TOOLS
    1. Authorized Use. eBay grants you a non-exclusive, non-transferable, and non-sublicensable (except as expressly permitted herein) license to use the Developer Tools solely for the purpose of facilitating your own or Your Users’ use of eBay Services, such use limited to the following (the “Authorized Use”):
      1. Enabling your Application to interact with eBay’s databases (for example, the eBay public database and the Sandbox Test Environment);
      2. Making limited intermediate copies of eBay Content only as necessary to perform an activity permitted under these Terms. All intermediate copies must be deleted when they are no longer required for the purpose for which they were created;
      3. Rearranging or reorganizing eBay Content within your Application consistent with these Terms;
      4. Displaying eBay Content consistent with these Terms; and
      5. Using, displaying or modifying eBay Content as expressly authorized by Your Users and consistent with these Terms.
    2. Application Keys. eBay will provide you with Application Keys that permit you to access eBay’s databases. You may not share or transfer your Application Keys to any third party without eBay’s prior written consent. The Application Keys are the property of eBay and may be revoked at any time by eBay.
    3. API Call Limitations. eBay reserves the right to limit the number of periodic API calls you are allowed to make. eBay may temporarily suspend your access to the API if you exceed API call limits. Attempts to circumvent API call limits may result in termination of these Terms, suspension of your license to use the APIs, discontinuance of your participation in the Program, termination of your access to the Developer Tools, and/or reduction of your access to all or some APIs. Unused API calls will not roll over to the next call limit period.
    4. Loyalty Program Badges. eBay grants you a non-exclusive, non-transferable and non-sublicensable license to display certain eBay Loyalty Program Badges as set forth in the eBay Badge Usage Terms, incorporated herein by this reference (“Loyalty Program Badges”). eBay may update these requirements from time to time, and you must ensure compliance with current standards.
  4. WORKING WITH THIRD PARTIES
    1. Service Providers. You may work with service providers as necessary to facilitate your performance under these Terms but only if you require your service providers to comply with all of the conditions and restrictions of these Terms. You acknowledge and agree that any act or omission by your service provider(s) amounting to a breach of these Terms will be deemed a breach by you.
    2. Sublicensing. Except as set forth in this Section 4.2, all license rights (under any applicable intellectual property right) granted to you by eBay are not sub-licensable, transferable or assignable. You may sublicense your right to display the eBay Content to Your Users solely to enable them to display eBay Content on their computer screens or websites through your Application; provided that:
      1. You will not disclose your Application Keys to Your Users.
      2. All API calls initiated by Your Users will be made through your Application Keys.
      3. All API calls initiated by Your Users will count towards your maximum permitted API calls.
      4. Your Users will have no programmatic control over the API.
      5. You will enter into a binding agreement with each of Your Users that includes the following terms: (1) Your Users will be bound by these Terms; (2) eBay will be a third-party beneficiary to such agreement; (3) such sublicense is terminable at any time.
    3. Breach by Your Users. As a third-party beneficiary to all sublicenses pursuant to these Terms, eBay will have the right, in its sole discretion, to directly enforce any term of the sublicense agreement against Your Users, including termination. You acknowledge and agree that any act or omission by Your Users amounting to a breach of these Terms will be deemed a breach by you.
  5. OWNERSHIP. As between eBay and you, except for the limited licenses granted by these Terms: (i) eBay retains all rights, title and interest in and to all intellectual property rights embodied in or associated with the Developer Tools, eBay Services, eBay Content, eBay logos, and any content created or derived therefrom; and (ii) you retain all rights, title and interest in and to all intellectual property rights embodied in or associated with your Application, excluding the aforementioned rights in Section 5(i) above owned by or licensed to eBay. There are no implied licenses under these Terms, and any rights not expressly granted to you hereunder are reserved by eBay or its suppliers. You will not take any action inconsistent with eBay’s ownership of the Developer Tools, eBay Services, eBay Content or eBay logos.
  6. COMPETITIVE OR SIMILAR MATERIALS. In no event will eBay be precluded from discussing, reviewing, developing for itself, having developed, acquiring, licensing or developing for third parties, as well as marketing and distributing, materials which are competitive with your Application or other products or services provided by you, irrespective of their similarity to your current products or products that you may develop.
  7. TRADEMARK AND COPYRIGHT LICENSE. eBay, in its sole discretion, may use your trade names, trademarks, service marks, logos, and domain names for the purpose of advertising or publicizing your participation in the Program and use of the API. If you submit an Application for inclusion on an eBay Site or to be hosted by eBay, you direct and authorize eBay and its affiliates to host, link to, and otherwise incorporate the Application into eBay Services and to carry out any copying, modification, distribution, internal testing, or other processes eBay deems necessary.
  8. EBAY CONTENT
    1. Using and Displaying eBay Content. You may use and display eBay Content only within your Application and in accordance with the following guidelines:
      1. Authentication. If your Application will enable Your Users to interact with eBay Services in a way that requires sign-in to their eBay accounts (for example, bidding, buying, listing or access to My eBay), you may provide this access only after “Authentication”. Authentication occurs when an eBay User grants your Application access to their eBay Content via an eBay-controlled sign-in and consent page. An “Authenticated User” is an eBay User who has granted such access to your Application. You warrant that Your Users may revoke Authentication at any time for any reason.
      2. Public Display. To the extent eBay Content is publicly available within an eBay Service, you may display such eBay Content within your Application to promote eBay and enable Your Users to search and browse listings (“Public Display”), subject to the following restrictions: (1) When the eBay Content is no longer publicly available, you must delete it from your Application. For example, when an eBay User ID is publicly available in connection with a listing on the eBay Site, you may display the eBay User ID through your Application; but if that eBay User ID is no longer viewable in connection with the listing or is otherwise anonymized, you may no longer display the eBay User ID in a Public Display. (2) eBay Content in a Public Display may not be co-mingled or combined with non-eBay Content. For example, all eBay Content in a Public Display must be visually isolated from third-party listings or other non-eBay information. (3) eBay Content that is available only to an eBay User after signing in to the eBay User’s account may only be displayed to that eBay User after Authentication, and such eBay Content may not be used for Public Display without the explicit prior consent of that Authenticated User.
      3. Age of Displayed eBay Content. eBay Content displayed within your Application must be kept reasonably up to date. Displayed item listing information may not be more than six (6) hours older than information displayed on the eBay Site, and other eBay Content must be no more than twenty-four (24) hours older than content displayed on the eBay Site. If your displayed item listing is not as current as the listing on the eBay Site, you will disclose on your Application how much older your displayed item listing is than the same listing on the eBay Site.
      4. Prohibited Use and Derivation of Information.
        1. You must have eBay’s express prior written permission to use, or display eBay Content in any way that enables derivation of, any of the following:
          1. Any site-wide statistics across eBay Sites or within any eBay Site;
          2. Take-up rates for enhanced listings (for example, gallery, featured, category featured, etc.);
          3. Statistics relating to the performance (financial or otherwise) of any eBay Service (for example, gross merchandise sales);
          4. Average selling price or gross merchandise sold for any eBay category.
        2. Notwithstanding Your Users’ access to and use of their own information, you must have eBay’s express prior written permission to use, or display eBay Content in any way that enables derivation of, the following:
          1. Aggregated seller or buyer data (for example, Personal Information);
          2. Data relating to the performance of sellers, either individually or in aggregate (for example, performance data related to promotional campaigns, ad placements, or promoted listings);
          3. Aggregated data relating to transactions conducted through thirdparty affiliates (for example, off-eBay purchases on social networks, merchants, or other marketplaces enabled through Buy APIs);
          4. Data comparing eBay User utilization of eBay Services and the services of any third-party;
          5. Information relating to specific eBay Users or types of eBay Users;
          6. Conversion, completion or success rates; or
          7. Reserve auction information.
      5. Displaying Aggregated Content. Unless expressly permitted by eBay, you will not display any web page served by eBay servers in an aggregated display of different web pages in a browser display area (for example, by framing or mirroring).
    2. Protecting User Privacy
      1. Collecting and Storing Personal Information.
        1. Your participation in the Program and your use of the Developer Tools may allow you to collect Personal Information from and about eBay Users.
        2. You will delete Personal Information when requested by eBay or by the applicable eBay User, when it is no longer necessary for your Application or when your participation in the Program is terminated.
        3. You will not under any circumstances collect or store any eBay User IDs or passwords.
      2. Compliance with Privacy Laws. At all times, you will cause your Application and your use of the Developer Tools, eBay Content and Personal Information to comply with all applicable laws, rules, regulations and best practices concerning privacy and data protection.
      3. Your Privacy Policy. You must make publicly available, and must abide by, an appropriate privacy policy for your application.
      4. Using Your Users’ Personal Information. You warrant as follows: (i) your collection and use of Your Users’ Personal Information will be only as authorized by Your Users; (ii) you will comply with your privacy policy; and (iii) your privacy policy and your privacy practices will comply with all applicable laws, rules and regulations. In all cases, your privacy policy must be consistent with the eBay Privacy Notice (meaning, at a minimum, that you may not process Personal Information in a manner that eBay cannot), which notice is available on each of the eBay Sites (for example, the ebay.com Privacy Notice).
      5. Information About Other eBay Users. You may receive information about eBay Users who may not be Your Users (“Other Users”) that is (i) publicly available from eBay; (ii) provided by eBay through the API; or (iii) otherwise obtained by you in connection with your participation in the Program and use of the Developer Tools (“Other User Information”). You may use Other User Information only as strictly necessary to perform activities permitted under these Terms and strictly in compliance with your privacy policy and applicable laws, rules and regulations.
      6. Using Other User Information. You will not collect, store, use, disclose or otherwise process Other User Information for any purpose other than facilitating the use of eBay Services as permitted under these Terms.
      7. eBay Privacy Notice. Your use of Other User Information will be consistent with the eBay Privacy Notice (meaning, at a minimum, that you will not process Other User Information in a manner that eBay cannot).
      8. Public Display of Other User Information. You may engage in the Public Display of Other User Information (for example, eBay listings) only in accordance with Section 8.1(b).
      9. Application Testing. The Sandbox Test Environment (the “Sandbox”) is a production environment for testing applications to ensure proper operation with respect API integration. The Sandbox is intended for testing API logic and API behavior only. You may use information made available in the Sandbox for application development and test only. You are responsible for safeguarding your data and the data of your customers. You are prohibited from publishing confidential, personal data, or restrictive data in the Sandbox. You must delete your Application from the Sandbox immediately after testing is completed.
    3. DPRA Requirements. Your continued access to the Developer Tools and eBay Content is subject to your compliance with the terms of the eBay Data Protection Requirements Addendum attached as Exhibit A and incorporated herein by reference, as the same may be updated from time to time.
    4. Communication. You will not use Personal Information to send or enable sending of unsolicited communications of any type to any eBay Users. You may only communicate with Your Users, or send communications initiated by and on behalf of Your Users to Other Users, to promote and facilitate access to and use of eBay Services.
  9. RESTRICTED ACTIVITIES. Notwithstanding any rights expressly granted under these Terms, you may not use or access (nor facilitate or enable others to use or access) eBay Services, including the Developer Tools, in any way which may, directly or indirectly, undermine eBay’s business interests without eBay’s prior written consent. For example, you will not, and you will not facilitate or enable others to:
    1. Distribute, publish, or allow access or linking to eBay Services, including the API, from any location or source other than your Application.
    2. Enable or permit the disclosure of eBay Content other than as authorized under these Terms.
    3. Use eBay Content to determine or verify eBay User identities or user profiles.
    4. Use eBay Content with the intent to design, build, promote or augment any service competitive to eBay Services.
    5. Display eBay Content relating to the performance of any eBay Service relative to the performance of any third-party service (for example, sales volume, velocity, etc.).
    6. Use eBay Content, either alone or in combination with third-party information, to suggest or model prices for items listed on eBay Sites.
    7. Use eBay Services to promote or engage in seller arbitrage (for example, automatically repricing eBay listings in response to price changes on competitor sites, automatically ordering sold items from competitor sites, and posting tracking information to eBay when items purchased from competitor sites are shipped).
    8. Sell, rent, trade, distribute, lease (or otherwise commercialize), copy, store or modify eBay Content, other than for the purposes allowed by these Terms.
    9. Enable eBay Users to set or change eBay User preferences, registration preferences or privacy preferences for the eBay Site with your Application, notwithstanding listing preferences, item cross-promotion preferences or preferences that customize end-of-auction emails.
    10. Collect, use and/or otherwise process Personal Information of any eBay User other than as provided in these Terms.
    11. Modify, decompile, reverse engineer or otherwise alter the Developer Tools or eBay Content.
    12. Knowingly create an Application that may be used to violate these Terms, the eBay User Agreement, any other eBay policy or applicable laws, rules or regulations.
    13. Use the API in a manner that exceeds reasonable request volume, constitutes excessive or abusive usage or otherwise fails to comply or is inconsistent with any part of the eBay Developer Documentation, incorporated herein by this reference.
    14. Have your Application or your use of eBay Services, including your use of the Developer Tools: (i) be false, inaccurate or misleading; (ii) infringe on any third party's copyright, patent, trademark, trade secret or other property rights or rights of publicity or privacy; (iii) violate any law, statute, ordinance, contract, regulation or generally accepted practice in all relevant jurisdictions (including without limitation those governing trade and export, financial services, consumer protection, unfair competition, antidiscrimination or false advertising); (iv) be defamatory, trade libelous, threatening or harassing; (v) contain or distribute any malware or other computer programming routines that may damage, detrimentally interfere with, surreptitiously intercept or expropriate any system or data; or (vi) create liability for eBay or cause eBay to lose (in whole or in part) the services of eBay’s ISPs or other suppliers.
    15. Have your Application introduce to eBay Services or any third party systems, any information, code or other content that (i) is illegal; (ii) is abusive; (iii) is harmful to or interferes with eBay Services or systems of any other entity, or the use thereof; (iii) infringes, misappropriates or otherwise violates the intellectual property, privacy or other proprietary rights of any party, including eBay; (v) creates a security risk or vulnerability; or (vi) attempts to do any of the foregoing.
    16. Provide any inaccurate data or information to eBay, or provide data or information to eBay without having all of the rights necessary to provide such data or information to eBay and for eBay to use it.
    17. Misrepresent or mask your identity in providing information as part of the registration process or as part of your continuing use of the APIs or during the application check process.
    18. Using Buyer Demand Data in any manner other than for the expressed purpose of constructing or editing of a listing.
  10. EBAY POLICIES. You and your Application will comply with the eBay User Agreement, which is incorporated into these Terms by reference. In the event of a conflict between these Terms and the eBay User Agreement regarding your participation in the Program and use of the Developer Tools, these Terms will control.
  11. MODIFICATIONS
    1. Modification of the Developer Tools, Sites and Services. eBay may modify the Developer Tools, API call limits, its databases, any eBay Service, or any of the benefits and/or features provided in connection with your use of the Developer Tools at any time with or without notice to you. Modifications may affect your Application and may require you to make changes to your Application at your own cost to continue to be compatible with or interface with the API or other eBay Services.
    2. Modification of these Terms. eBay may amend these Terms at any time by posting the amended Terms to the eBay Developers Program site. eBay may also send you notice of the amended terms via email. Except where stated otherwise, all amended terms will be effective thirty (30) days after they are posted or emailed to you. IF ANY MODIFICATION IS UNACCEPTABLE TO YOU, YOUR ONLY RECOURSE IS TO TERMINATE THESE TERMS IN ACCORDANCE WITH THESE TERMS, BEFORE THE EFFECTIVE DATE OF THE AMENDMENT(S). YOUR USE OF THE DEVELOPER TOOLS AFTER THE DATE ON WHICH CHANGES TAKE EFFECT WILL CONSTITUTE YOUR ACCEPTANCE OF SUCH CHANGES. These Terms may not otherwise be amended except through mutual written agreement (not including email) by you and an eBay representative who intends to amend these Terms and is duly authorized to agree to such an amendment.
  12. MONITORING AND ENFORCEMENT
    1. Right to Monitor and Audit. You agree that eBay may monitor or audit your Application or activities relating to your use of Developer Tools. At eBay’s request, you will provide eBay free access to use your Application for the purpose of monitoring or auditing your Application. You will not seek to block or otherwise interfere with the monitoring or audit, and eBay may use technical means to overcome any methods you may use to block or interfere with such monitoring. Audits may include requests for documents and information and visits to your facilities.
    2. Remedy for Breach. If eBay, in its sole discretion, believes that you or your service providers have breached these Terms, or that you or your service providers have engaged in fraudulent activity, eBay may take any and all steps it deems appropriate, including suspending your license to use the APIs, discontinuing your participation in the Program, terminating your access to the Developer Tools, and/or reducing your access to all or some APIs.
    3. Corrective Action. In addition to any other available remedies, eBay may, at its sole discretion, seek specific performance, injunctive relief or attorneys' fees. eBay reserves the right to take other corrective action as eBay sees fit in the event that eBay receives complaints from eBay Users about your Application or your actions.
  13. AVAILABILITY, SECURITY AND STABILITY
    1. eBay makes no guarantees with respect to the availability or uptime of the Developer Tools or any other eBay Services. eBay may conduct maintenance on or stop providing any of the Developer Tools or other eBay Services at any time, with or without notice to you. eBay may change the method of access to the Developer Tools at any time.
    2. In the event of degradation or instability of eBay’s systems or an emergency, eBay may, in its sole discretion, temporarily suspend your access to the Developer Tools or other eBay Services.
  14. DISCLAIMER OF WARRANTIES & LIMITATION OF LIABILITY
    1. SOME JURISDICTIONS DO NOT ALLOW CERTAIN WARRANTY DISCLAIMERS OR LIMITATIONS ON LIABILITY. ONLY DISCLAIMERS OR LIMITATIONS THAT ARE LAWFUL IN THE APPLICABLE JURISDICTION WILL APPLY TO YOU, AND EBAY’S LIABILITY WILL BE LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW.
    2. EXCEPT AS EXPRESSLY STATED HEREIN, EBAY DISCLAIMS ALL WARRANTIES AND CONDITIONS, EXPRESS, IMPLIED OR STATUTORY, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ALL EBAY SERVICES PROVIDED BY EBAY HEREUNDER ARE PROVIDED “AS IS” AND “AS AVAILABLE” AND EBAY DOES NOT REPRESENT OR WARRANT THAT ANY EBAY SERVICES, INCLUDING THE DEVELOPER TOOLS, WILL OPERATE SECURELY OR WITHOUT INTERRUPTION. YOU ACKNOWLEDGE THAT YOU HAVE NOT ENTERED INTO THESE TERMS IN RELIANCE UPON ANY WARRANTY OR REPRESENTATION EXCEPT THOSE SPECIFICALLY SET FORTH HEREIN.
    3. EBAY WILL HAVE NO DIRECT, CONSEQUENTIAL, SPECIAL, INDIRECT, EXEMPLARY, PUNITIVE, OR OTHER LIABILITY WHETHER IN CONTRACT, TORT OR ANY OTHER LEGAL THEORY, UNDER THESE TERMS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH LIABILITY AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
    4. IN THE EVENT THAT THE ABOVE IS NOT ENFORCEABLE, EBAY'S AGGREGATE LIABILITY UNDER THESE TERMS IS LIMITED TO AMOUNTS PAID OR PAYABLE TO EBAY BY YOU FOR THE DEVELOPER TOOLS IN THE MONTH PRECEDING THE CLAIM. IN THE EVENT THAT THE FORMER LIMITATION OF LIABILITY IS HELD UNENFORCEABLE BY A COMPETENT COURT, EBAY’S AGGREGATE LIABILITY IS IN ANY CASE LIMITED TO $25,000.
  15. INDEMNIFICATION. You will indemnify, defend and hold eBay, its employees, agents, consultants, subsidiaries, partners, affiliates, and licensors harmless against any and all claims, costs, losses, damages, liabilities, judgments and expenses (including reasonable fees of attorneys and other professionals) (collectively, “Claims”) that may arise from or are related to (i) use of the Developer Tools; (ii) the development, maintenance, use and contents of your Application, including but not limited to any infringement of any third-party proprietary rights; and (iii) your negligence or willful misconduct. eBay will: (i) give you prompt written notice of any Claim; provided, however, that failure to provide such notice shall not relieve you of your liabilities or obligations hereunder, except solely to the extent of any material prejudice as a direct result of such failure; (ii) cooperate with you, at your sole cost and expense, in connection with the defense and settlement of the Claim; and (iii) permit you to select counsel and to control the defense and settlement of the Claim; provided that you may not settle any Claim or take any other action to the extent such settlement or other action would materially adversely impact eBay’s rights, obligations or business operations without eBay’s prior written consent. eBay, at its cost and expense, may participate in the defense of the Claim through counsel of its own choosing. Notwithstanding the foregoing, if you fail to assume the defense of any Claim within thirty (30) calendar days after you receive a request for indemnification under this Section 15, eBay shall control its own defense and follow such course of action as it reasonably deems necessary to protect its interests and you shall fully indemnify eBay for all costs (including attorneys’ fees and settlement payments) reasonably incurred in such course of action.
  16. TERM AND TERMINATION
    1. Termination.
      1. EBAY RESERVES THE RIGHT TO TERMINATE THESE TERMS AND SUSPEND OR DISCONTINUE YOUR PARTICIPATION IN THE PROGRAM AND YOUR ACCESS TO THE DEVELOPER TOOLS, INCLUDING YOUR LICENSE TO USE THE API, OR ANY PORTION OR FEATURE THEREOF, FOR ANY OR NO REASON AND AT ANY TIME WITH OR WITHOUT NOTICE TO YOU AND WITHOUT LIABILITY TO YOU.
      2. If you wish to terminate these Terms, you must email a termination notice to ebaydevelopersprogram@ebay.com. Any other methods used by you to terminate these Terms will be void and will not result in a termination. Your termination notice will be effective when it is received by eBay.
    2. Effect of Termination. Upon the termination of these Terms, you will immediately stop using the APIs. Your Application Keys will be revoked and all licenses granted hereunder will terminate. You will destroy all intermediate copies of eBay Content and Personal Information in your possession within ten (10) days after termination and you will provide written proof of destruction to eBay upon eBay’s request.
    3. Survival. The following Sections will survive any termination of these Terms: [1] Definitions, [5] Ownership, [6] Competitive or Similar Materials, [7] Trademark and Copyright License, [8] eBay Content, [9] Restricted Activities, [10] eBay Policies, [14] Disclaimer of Warranties & Limitation of Liability, [15] Indemnification, [16.2] Effect of Termination, [17] Confidentiality, [18] Publicity, and [20] Miscellaneous.
  17. CONFIDENTIALITY. “Confidential Information” includes all information eBay provides to you under these Terms, including without limitation, Developer Tools, eBay Content, Personal Information and Application Keys. You will not use or disclose Confidential Information other than as required to perform under and as permitted by these Terms. Your confidentiality obligations will survive the termination of these Terms. You acknowledge that monetary damages may not be a sufficient remedy for unauthorized use or disclosure of Confidential Information and that eBay will be entitled (without waiving any other rights or remedies) to such injunctive or equitable relief as may be deemed proper by a court of competent jurisdiction, without obligation to post any bond. Any information you provide to eBay hereunder is considered by eBay to be non-confidential. You acknowledge and agree that you have no expectation that such information will be held confidential by eBay, and that eBay has no duty, express or implied, to pay any compensation for the disclosure or use of any such information.
  18. PUBLICITY. Absent the prior written approval of eBay, you will not directly or indirectly issue or permit the issuance of any public statement concerning any aspect of the eBay Developers Program. You permit eBay to make public statements about your use of the Developer Tools and/or participation in the eBay Developers Program.
  19. LAW AND VENUE. The rights and obligations of you and eBay shall be governed by, and these Terms shall be construed and enforced in accordance with, the Laws of the State of California, excluding its conflict of laws rules to the extent such rules would apply the Law of another jurisdiction. The Parties consent to the jurisdiction of all federal and state courts in California, and agree that venue shall lie exclusively in Santa Clara County, California.
  20. MISCELLANEOUS. You acknowledge and agree that these Terms constitute the entire agreement between you and eBay (the “parties”) and supersede all prior understandings and agreements of the parties. Any notices to eBay must be sent to our corporate headquarters address as set forth in the eBay User Agreement via first class or air mail or overnight courier, and is deemed given upon receipt. A waiver of any default is not a waiver of any subsequent default. Unenforceable provisions will be modified to reflect the parties' intention, and remaining provisions of these Terms will remain in full effect. Neither party may assign these Terms without the prior express written permission of the other party. Notwithstanding the foregoing, your consent shall not be required for eBay’s assignment or transfer (1) due to operation of law; or (2) to an entity that acquires substantially all of eBay’s stock, assets or business; or (3) to a related entity (e.g., parent or subsidiary of parent). You and eBay are independent contractors and nothing in these Terms creates a partnership, agency, joint venture, or employer-employee relationship between eBay and you. There are no third-party beneficiaries to these Terms.

Exhibit A: eBay Data Protection Requirements Addendum


  1. Purpose and Scope:

    This Data Protection Requirements Addendum (the “DPRA”) reflects your commitment to abide by Applicable Law concerning the Processing of the eBay Data (defined below) contained within eBay Content and Personal Information. This DPRA prescribes the minimum data protection and information security standards that you, your agents and assigns must meet and maintain in order to protect eBay Data from unauthorized use, access, disclosure, theft, manipulation, reproduction, a Security Breach or otherwise during the term of the eBay Developers Program Terms of Use and API License Agreement (“Terms”) and for any period thereafter during which you, your agents or assigns has possession of or access to any eBay Content or Personal Information, is incorporated into the Terms by this reference, and is effective as of the Effective Date of the Terms. Your ongoing adherence to a Security Program (defined in Section 3.1 below) based on an Industry Recognized Framework is a condition to you doing business with eBay.

    Capitalized terms used but not defined herein shall have the meaning set forth in the Terms.

  2. Definitions:
    1. Applicable Law” means any applicable data protection, privacy, or information security laws, codes, and regulations or other binding restrictions governing Processing of eBay Data.
    2. Cardholder Information” means credit or debit card information regulated by the Payment Card Industry Security Council.
    3. Data Centers” means locations at which you provide data Processing or transmission functions in support of your Application. Data Centers can be owned by you or by a third party.
    4. Data Controller” means the party that determines the purposes of the Processing of Personal Data.
    5. “Data Processor” means the party that Processes Personal Data on behalf of, and under the instruction of, the Data Controller.
    6. Data Subject” means the identified or identifiable person who is the subject of Personal Data.
    7. eBay Data” means data or information (regardless of form, e.g., electronic, paper copy, etc.) transmitted through the eBay API(s) or otherwise provided by or on behalf of eBay to you. eBay Data may be classified as:
      1. Confidential Data”: Information that is intended only for a limited audience within eBay or whose release would likely have an adverse financial or reputational effect on eBay, eBay customers, or eBay clients. Examples include, but are not limited to: customer or client customer individual names, email addresses, physical addresses and any other information that correlates to a person, software source code, customer personal contact information, customer email addresses, etc.; or
      2. Personal Data”: data or information that makes a natural person identified or identifiable or is a numerical, physical, physiological, cultural, economic, mental or other factor of identity relating to an identified or identifiable person.

        eBay Data specifically excludes data classified by eBay as “Restricted Data,” which includes highly sensitive or regulated information that is intended only for a limited audience within eBay or whose release would likely have a material adverse financial or reputational effect on eBay or any Data Subject. Examples include but are not limited to: (i) Government issued identification numbers for specific countries (e.g., USA Social Security number; Germany Shufa ID, Canada Social Insurance number, driver’s license number; state identification number); (ii) Bank account numbers and related bank wire transfer financial information; and (iii) customer date of birth.

        You agree that you will not attempt to access, receive, transmit, Process or store any “Restricted Data” with the exception of Payment Card Industry (PCI) regulated data pursuant to Section 11 if authorized by the cardholder.

    8. Incident” means any impairment to the security of eBay Data, including, but not limited to: any (i) alleged or confirmed misuse of eBay Data; or (ii) unauthorized access to or attempt to access eBay Data.
    9. Industry Standard Encryption Algorithms and Key Strengths” means encryption should at least meet the following standard encryption algorithm (note: The algorithm and key strengths may change depending upon the new and most up-to-date industry standard encryption practice):
      1. Symmetric encryption: AES (≥ 128-bit);
      2. Asymmetric encryption: RSA (≥ 2048-bit);
      3. Hashing: SHA-2 (≥ 224-bit) with “salt” shall be added to the input string prior to encoding to ensure that the same password text chosen by different users will yield different encodings.
    10. Industry Recognized Framework” means a global industry recognized information security management system (“ISMS”), such as ISMS standard ISO/IEC 27001:2013 and ISO/IEC 27002:2013 – Information technology – Security techniques – Information security management systems – Requirements, as published by the International Organization for Standardization and the International Electrotechnical Commission (“ISO 27001”) or equivalent information security standard as mutually agreed upon by eBay and you.
    11. ProcessingorProcesses” means any operation or set of operations which is performed upon eBay Personal Data, whether by automatic means or not, including but not limited to collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
    12. Security Breach” means a compromise of the systems in which eBay Data has been accessed or acquired by one or more unauthorized parties, or you or eBay reasonably suspects that such a breach of security may have occurred, or any act that violates any Applicable Law. For the avoidance of doubt, “a compromise of the systems” includes, but is not limited to: misuse, loss, destruction, unauthorized access, collection, retention, storage, or transfer.
    13. Sub-Processor” means any of your Affiliates, agents or assigns that Processes eBay Personal Data subject to the Terms, and any unaffiliated Data Processor engaged by you or by your Affiliates.
  3. Security Management:
    1. Scope and Contents. You will develop, implement, maintain and enforce a written information privacy and security program (“Security Program”) that (i) aligns with an Industry Recognized Framework; (ii) includes administrative, technical and physical safeguards reasonably designed to protect the confidentiality, integrity and availability of eBay Data; (iii) is appropriate to the nature, size and complexity of your business operations; and (iv) complies with any Applicable Laws that are applicable for the geographic region in which you do business.
      1. Security Program Changes. You will provide details of any major changes to your Security Program that may adversely affect the security of any eBay Data. Such details must be communicated in writing to the eBay Security Operations Center (as provided in Section 8 below) within ten (10) business days prior to the effectiveness of any changes.
      2. Security Officer. You will designate a senior employee to be responsible for overseeing and carrying out your Security Program and for communicating with eBay on information security matters (the “Security Officer”). Upon eBay’s request, the Security Officer will provide eBay with the contact information of one or more your representatives who will be available to discuss any security concerns (e.g., discovered vulnerability, exposed risk, reported concern) with eBay and to communicate the level of risk associated with such concerns and any remediation thereof. Your representative must be available during normal business hours. Any changes to the contact information of the Security Officer or designated representatives must be communicated to the eBay Security Operations Center (as provided in Section 8 below) within twenty-four (24) hours via e-mail or telephone.
      3. Training. You certify that your personnel will be provided with a clear understanding of procedures and controls reasonably necessary to comply with this DPRA prior to their being granted access to eBay Data. Your personnel will, upon hiring, and at least annually thereafter, participate in security awareness training. This training will cover, at a minimum, your security policies, including acceptable use, password protection, data classification, incident reporting, the repercussions of violations, and brief overviews of Applicable Law. You will also provide training regarding data privacy and protection if you or your personnel accesses eBay Personal Data.
      4. Due Diligence over Subcontractors. You will maintain a security process to conduct appropriate due diligence prior to utilizing subcontractors, including Sub-Processors, to provide any services under the Terms. You will assess the security capabilities of any such subcontractors on an annual basis to ensure subcontractor’s ability to comply with this DPRA and the Terms. The due diligence process will provide for the identification and resolution of significant security issues prior to engaging a subcontractor, written information security requirements that oblige subcontractor to adhere to your key information security policies and standards within all contracts, and for the identification and resolution of any security issues. You will maintain subcontractor audit reports, subcontractor information security controls, and/or any assessment work for a minimum of three (3) years from the date of the assessment.
  4. Logical Security:
    1. General. The logical security processes in this Section 4 apply to all of your systems or your agents’ or your assigns’ systems and supporting networks used to provide services under the Terms and on which eBay Data is accessed, Processed, stored, transferred or maintained.
    2. Systems Access Control and Network Access Control.
      1. Access Controls. You certify that you employ access control mechanisms that
        1. prevent unauthorized access to eBay Data;
        2. limit access to your personnel with a business need to know;
        3. follow the principle of least privilege allowing access to only the information and resources that are necessary under the terms of the Terms; and
        4. have the capability of detecting, logging, and reporting access to the system or network or attempts to breach security of the system or network.

          Additionally:

        5. You will revoke your personnel’s access to physical locations, systems, and applications that contain or Process eBay Data within twenty-four (24) hours of the cessation of such personnel’s need to access the system(s) or application(s);
        6. All personnel must have an individual account that authenticates that individual’s access to eBay Data. You will not allow sharing of accounts; and
        7. Access controls and passwords must be configured in accordance with industry standards and best practices. Passwords will be hashed with industry standard algorithms per Section 9 below.
      2. Regular Review of Access Controls. You will maintain a process to review access controls on a minimum annual basis for all of your systems that contain eBay Data, including any system that, via any form of communication interface, can connect to the system on which eBay Data is stored. These access processes and the process to establish and delete individual accounts will be documented in, and will be in compliance with your security policies and standards referenced in Section 3.1 above. You will maintain the same processes of review and validation for any third party hosted systems you use that contain eBay Data
      3. Remote Access Authentication. You will configure remote access to all networks storing, transmitting, or containing eBay Data to require two-factor authentication for such access by your Personnel.
    3. Telecommunication and Network Security
      1. Firewalls. You will deploy reasonably appropriate firewall technology in the operation of your sites. Traffic between eBay and you will be protected and authenticated by industry standard cryptographic technologies.
      2. Firewall Maintenance. At a minimum, you will review firewall rule sets annually to ensure that legacy rules are removed and active rules are configured correctly.
      3. Intrusion Detection and Prevention. You will deploy intrusion detection or preferably prevention systems (NIDS/NIPS) in order to generate, monitor, and respond to alerts which could indicate potential compromise of the network and/or host.
      4. Log Management. You shall deploy a log management solution and retain logs produced by firewalls and intrusion detection systems for a minimum period of one (1) year.
      5. Network Segmentation. You shall establish and maintain appropriate network segmentation, including the use of virtual local area networks (VLANS) where appropriate, to restrict network access to systems storing eBay Data. You will proxy all connections from public networks into the your internal network using DMZ or equivalent. You will not allow direct connections from public networks into any network segment storing eBay Data.
      6. Wireless Security. If you deploy a wireless network, you will configure and maintain the use, configuration and management of wireless networks to meet the following:
        1. Physical Access – All wireless devices shall be protected using appropriate physical controls to minimize the risk of theft, unauthorized use, or damage;
        2. Network Access – Network access to wireless networks should be restricted only to those authorized;
        3. Access points shall be segmented from an internal, wired LAN using a gateway device;
        4. The service set identifier (SSID), administrator user ID, password and encryption keys shall be changed from the default value;
        5. Encryption of all wireless connections will be enabled using Industry Standard Encryption Algorithms (i.e. WPA2/WPA with 802.1X authentication and AES encryption). WEP should never be used;
        6. If supported, auditing features on wireless devices shall be enabled and resulting logs shall be reviewed periodically by designated staff or a wireless intrusion prevention system. Logs should be retained for ninety (90) days or longer; and
        7. SNMP shall be disabled if not required for network management purposes. If SNMP is required for network management purposes, SNMP will be read-only with appropriate access controls that prohibit wireless devices from requesting and retrieving information and all default community strings will be changed.
        8. You will maintain a program to detect rogue access points at least quarterly to ensure that only authorized wireless access points are in place. If you have not deployed a wireless solution, you are still required to conduct this quarterly audit to ensure that user-deployed wireless access points are not in use.
    4. Malicious Code Protection. All workstations and servers will run the current version of industry standard anti-virus software with the most recent updates available on each workstation or server. Virus definitions must be updated within twenty-four (24) hours of release by the anti-virus software vendor. You will configure this equipment and have supporting policies to prohibit users from disabling anti-virus software, altering security configurations, or disabling other protective measures put in place to ensure the safety of eBay’s or your computing environment.
  5. Systems Development and Maintenance:
    1. Documentation and Training. You must maintain documentation on overall system, network, and application architecture, data flows, process flows, and security functionality for all applications that process or store any eBay Data. You must employ documented secure programming guidelines, standards, and protocols in the development of applications that process or store any eBay Data. You shall be responsible for verifying that all development staff have been successfully trained in secure programming techniques. You should be trained on all current application vulnerabilities, including, but not limited to OWASP Top 10, WASC TCv2, and the CWE-25. You should know how to recognize these issues and how to remediate them.
    2. Change Management. You will employ an effective, documented change management program with respect to services provided under the Terms as an integral part of your security profile. This includes logically or physically separate environments from production for all development and testing. No eBay Data will be transmitted, stored or Processed in a non-production environment. 5.3 Vulnerability Management and Application Security Assessments. You must run internal and external network vulnerability scans at least quarterly and after any material change in the network configuration (e.g., new system component installations, changes in network topology, firewall rule modifications, or product upgrades). Vulnerabilities identified and rated as high risk by you will be remediated within ninety (90) days of discovery.
      1. For all Internet-facing applications that collect, transmit or display eBay Data, you agree to conduct an application security assessment review to identify common security vulnerabilities as identified by industry-recognized organizations (e.g., OWASP Top 10 Vulnerabilities; CWE/SANS Top 25 vulnerabilities) annually or for all major releases, whichever occurs first. The scope of the security assessment will primarily focus on application security, including, but not limited to, a penetration test of the application, as well as a code review. At a minimum, it will cover the OWASP Top 10 vulnerabilities (https://www.owasp.org).
      2. For all mobile applications (i.e. running on Android, Blackberry, iOS, Windows Phone) that collect, transmit or display eBay Data, you agree to conduct an application security assessment review to identify and remediate industry-recognized vulnerabilities specific to mobile applications.
      3. You should utilize a qualified third party to conduct the application security assessments. You may conduct the security assessment review yourself, provided that your personnel performing the review are sufficiently trained, follow industry standard best practices, and the assessment process is reviewed and approved by eBay. Vulnerabilities identified and rated as high risk by you will be remediated within ninety (90) days of discovery.
    3. Patch Management. You will patch all workstations and servers with all current operating system, database and application patches deployed in your computing environment according to a schedule predicated on the criticality of the patch. You must perform appropriate steps to help ensure patches do not compromise the security of the information resources being patched. All emergency or critical rated patches must be applied as soon as possible but at no time will exceed thirty (30) days from the date of release.
  6. Email Security: If you are sending emails to eBay customers, appropriate email identity solutions, including but not limited to DKIM, SPF, and DMARC, will be utilized. If you utilize eBay-owned domain names to send emails, you will adhere to the eBay Email Security requirements, provided upon request.
  7. eBay Security Assessments and Audits:
    1. You shall, upon reasonable notice, allow your data Processing facilities, procedures and documentation to be inspected by eBay (or its designee) in order to ascertain compliance with Applicable Law, this DPRA, or any agreements between you and eBay.
    2. You shall fully cooperate with audit requests by providing eBay access to relevant knowledgeable personnel, physical premises, documentation, infrastructure, and application software.
  8. Incident Response and Notification Procedures:
    1. You will maintain an Incident response function capable of identifying, mitigating the effects of, and preventing the recurrence of Incidents. Upon discovering or otherwise becoming aware of an Incident that may put eBay Data at risk (“Security Breach”), you shall take all reasonable measures to mitigate the harmful effects of the Incident. You shall also notify eBay of the Security Breach as soon as practicable, but in no event later than 24 hours after the Security Breach. Notice to eBay shall be written to DL-eBaySecurity-Report@ebay.com and shall include: (i) the identification of the eBay Data which has been, or is reasonably believed to have been, used, accessed, acquired or disclosed during the incident; (ii) a description of what happened, including the date of the incident and the date of discovery of the incident, if known; (iii) the scope of the incident, including a description of the type of eBay Data involved in the incident; (iv) a description of your response to the incident, including steps you have taken to mitigate the harm caused by the incident; and (v) other information as eBay may reasonably request. You must ensure that affected third parties are notified of the Security Breach, at eBay’s sole discretion, either by notifying such third parties after eBay has reviewed and approved the language and method of notice, or by enabling eBay to notify such third parties itself. You agree to cover the costs of any such notification, including reimbursing eBay for any reasonable costs such as to provide credit monitoring to affected Data Subjects.
    2. You will retain all data related to known and reported Incidents or investigations indefinitely or until eBay notifies you that the image is no longer needed. Upon eBay’s request, you will permit eBay or its third party auditor to review and verify relevant video surveillance records, access logs and data pertaining to any Incident investigation. Upon conclusion of investigative, corrective, and remedial actions with respect to an Incident, you will prepare and deliver to eBay a final report that describes in detail: (i) the extent of the Incident; (ii) the eBay Data disclosed, destroyed, or otherwise compromised or altered; (iii) all supporting evidence, including, but not limited to, system, network, and application logs; (iv) all corrective and remedial actions completed; and (v) all efforts taken to mitigate the risks of further Incidents.
  9. Storage, Handling, and Disposal:
    1. Data Segregation. You will physically or logically separate and segregate eBay Data from your other clients’ data.
    2. Electronic Form Data. You will utilize Industry Standard Encryption Algorithms and Key Strengths (as defined in the “Definitions” section of this DPRA) to encrypt the following:
      1. All eBay Data that is in electronic form while in transit over all public wired networks (e.g., Internet) and all wireless networks.
      2. Passwords will be hashed with irreversible industry standard algorithms with randomly generated “salt” added to the input string prior to encoding to ensure that the same password text chosen by different users will yield different encodings. The randomly generated salt should be at least as long as the output of the hash function.
      3. Any mobile devices used outside of a Data Center (e.g., laptop, desktop tablet) to perform any services under the Terms.
    3. Data Centers. To the extent you are operating a Data Center or utilizing a Third Party Data Center, you will comply with physical security controls outlined in one or more of the following industry standards: ISO 27001, SSAE 16 or ISAE 3402, or PCI-DSS.
    4. Data Retention. Except where prohibited by law, upon the earliest to occur of: (i) the termination of the Terms; (ii) such time when eBay Data is no longer required for the purposes of the Terms; (iii) upon written request from eBay or an applicable data subject, or (iv) such time that your data retention period has exceeded industry best practices for the time/duration/age of the eBay Data:
      1. You will promptly remove the eBay Data from your environment and destroy it within a reasonable timeframe, but in no case longer than thirty (30) days thereafter,
      2. All media used to store eBay Data will be sanitized or destroyed as required in the “Destruction of Data” Section 9.5, and
      3. You will provide eBay with a written certification regarding such removal, destruction, and/or cleaning upon request.
    5. Destruction of Data. You will dispose of eBay Data at such time as outlined in the “Data Retention” Section 9.4. eBay Data should be disposed of in a method that prevents any recovery of the data in accordance with industry best practices for shredding of physical documents and wiping of electronic media (e.g. current version of NIST SP 800-88). You will destroy any equipment containing eBay Data that is damaged or non-functional. All eBay Data must be rendered unreadable and unrecoverable regardless of the form (physical or electronic).
  10. Ownership; Use: You acknowledge and agree that you have no ownership of, or right to use, eBay Data other than as expressly permitted under the Terms or as authorized by eBay in writing. For the avoidance of doubt, you have no right to copy, use, reproduce, display, perform, modify or transfer eBay Data or any derivative works thereof, except as expressly provided in the Terms or as expressly authorized by eBay in writing. You acknowledge and agree that you will not use (or permit any third party to use) the eBay Data for any use other than as expressly provided in the Terms.
  11. Payment Card Industry (“PCI”) Compliance:
    1. Section 11 applies whenever you are “PCI Relevant.” “PCI Relevant” means you will be transmitting, Processing, handling, accessing, maintaining, or storing credit or debit card information regulated by the Payment Card Industry Security Council (“Cardholder Information”) in the course of providing Services under the Terms.
    2. You will validate your compliance with the Payment Card Industry Data Security Standard (“PCI-DSS”) according to the standards set forth by the PCI Security Standards Council, including completion of any required assessments. If you will be transferring, Processing and/or storing credit card account information, you must provide audit evidence that they comply with the PCI-DSS prior to accessing relevant eBay API(s).
    3. You will maintain such compliance at all times during the term of the Terms. This requirement will survive the duration of the Terms until you return, destroy, or cause the destruction of any and all Cardholder Information in your possession, custody, or control.
    4. You will provide eBay with evidence of full compliance with the PCI-DSS upon request.
  12. Survival: Your obligations and eBay’s rights under this DPRA shall become effective on the Effective Date of the Terms and will continue in effect so long as you possess eBay Data.
  13. Conflict: If and to the extent language in this DPRA conflicts with the Terms, this DPRA shall control.
  14. Processing of Personal Data:

    The following additional terms shall apply to the Processing of Personal Data by you:

    1. Processing Instructions: You shall Process Personal Data only to deliver services in accordance with the Terms and/or eBay’s written instructions. For the avoidance of doubt, eBay’s written instructions for the Processing of Personal Data shall comply with Applicable Law. In the event you reasonably believe there is a conflict amongst Applicable Law or that eBay’s instructions conflict with any Applicable Law, you will inform eBay immediately and shall cooperate in good faith to resolve the conflict and achieve the goals of such instruction.
    2. Use of Sub-Processors:
      1. Contractual Privity. Your obligations under this DPRA shall apply to Sub-Processors. You are authorized to use Sub-Processors, provided that you represent and warrant that any approved SubProcessor is contractually bound to meet all data protection obligations required by the Terms, eBay’s Processing instructions, and by Applicable Law. Proof of these contractual obligations, in which commercially sensitive terms may be redacted, shall be provided to eBay promptly upon request. In the event that eBay reasonably believes a Sub-Processor Processes eBay Personal Data without having entered into a contractual agreement with you containing data protection obligations required by the Terms, eBay’s Processing instructions or by Applicable Law, eBay will promptly inform you and you shall cooperate in good faith to resolve the conflict and achieve the goals of such instruction.
      2. List Maintenance. You shall maintain a list of all Sub-Processors you have engaged to Process eBay Personal Data. Where required by law, you shall (i) inform eBay of any intended changes concerning the addition or replacement of Sub-Processors with access to eBay Personal Data and give eBay the opportunity to object to such changes, and (ii) obtain the prior written consent of eBay before entering into any such agreement (unless expressly waived in a written agreement).
      3. Organizational, Technical, and Physical Safeguards. You must restrict through organizational, technical, and physical safeguards the Sub-Processor’s access to eBay Personal Data to that which is only strictly necessary to perform its subcontracted Processing services to you (which shall be consistent with the Processing Instructions issued to you by eBay). Additionally, you will prohibit through organizational, technical and physical safeguards the Sub-Processor from Processing eBay Personal Data for any other purpose. Sub-Processors must similarly implement appropriate organizational, technical and physical measures to ensure that the Processing of eBay Data occurs in strict accordance with the Terms, eBay’s Processing instructions and Applicable Law and Regulations.
      4. Sub-Processor Liability. You shall remain liable for any act or omission of a Sub-Processor that does not comply with the Terms, any Processing instructions or the requirements of Applicable Law.
    3. Transfer of Personal Data: You shall not cause or permit any Personal Data to be transferred across borders in breach of Applicable Law. Cross-border transfers of Personal Data subject to legal restrictions by Applicable Law shall require eBay’s prior written consent. For the avoidance of doubt, this transfer restriction does not pertain to eBay personnel access to Personal Data.
    4. Limitation on Disclosure of Personal Data: To the extent legally permitted, you shall immediately notify eBay in writing upon receipt of an order, demand, or document purporting to request, demand or compel the production of Personal Data to any third party. You shall not disclose Personal Data to the third party without providing eBay at least forty-eight (48) hours’ notice, so that eBay may, at its own expense, exercise such rights as it may have under Applicable Law to prevent or limit such disclosure. Notwithstanding the foregoing, you will exercise commercially reasonable efforts to prevent and limit any such disclosure and to otherwise preserve the confidentiality of Personal Data; additionally, you will cooperate with eBay with respect to any action taken pursuant to such order, demand, or other document request, including to obtain an appropriate protective order or other reliable assurance that confidential treatment will be accorded to Personal Data.
    5. Compliance with Applicable Law: You shall Process Personal Data in accordance with Applicable Law. You represent and warrant that you will maintain privacy policies sufficient to protect the Personal Data and compliant with the Applicable Law.
    6. Liability and Indemnification: You shall be liable for any of your acts and/or omissions relating to the obligations in this DPRA that result in a Security Breach of eBay’s Personal Data. You shall indemnify, defend and hold eBay harmless from and against all liabilities, costs, damages, claims and expenses relating to Security Breaches that araise from or in connection with your breach of your obligations stated in this DPRA.
    7. Personal Data transmitted to eBay: Prior to sharing any Personal Data with eBay, you shall ensure that Data Subjects are appropriately notified of and have consented to eBay’s privacy practices. You warrant that you have a legitimate basis and adequate title to collect and share Personal Data with eBay.

June 26, 2023