This eBay Partner Network Agreement (“ Agreement ”) is made by and between you (“ you ”or “ Affiliate ”) and eBay Partner Network, Inc. (“ EPN ”), a Delaware corporation with an address at 2145 Hamilton Ave., San Jose, CA 95125. This Agreement sets forth the terms and conditions applicable to your participation in EPN's affiliate network (the “ Network ”) pursuant to which you may earn performance-based compensation through approved promotional methods that display or direct end users to participating websites and that result in Qualifying Events (as defined below).

 

By accepting the terms of this Agreement and submitting an application to participate in the Network you agree to be bound by the terms and conditions of this Agreement, the EPN Privacy Noticethe eBay Data Protection Requirements Addendum (“DPRA ”), and the applicable Program Details, which are incorporated by reference into this Agreement.

 

This Agreement was published on the Network website on July 29, 2024. If you joined the Network on or after July 29, 2024, the terms set forth herein shall apply to you immediately. If you were already a partner of the Network on July 28, 2024, these terms will take effect for you on August 1, 2024 in accordance with the “Amendment ”section of the previous version of the EPN Network Agreement. 

 

 

Contents

 

     
  1. Definitions
    1. Advertiser –eBay Inc. or an eBay Corporate Family Member that elects to participate in the Network, as specified in the applicable Program Details.
    2. Affiliates –A company or individual entity that participates in the Network to earn compensation for Qualifying Events.
    3. Agent –A sub-affiliate, sub-publisher, distribution partner or other similar third-party relationship through which an Affiliate participates in a Program. Agents are subject to EPN's prior written approval in accordance with Section III.C.
    4. AI System - a machine-based system that is designed to operate with varying levels of autonomy and that can, for explicit or implicit objectives, generate outputs such as predictions, recommendations, or decisions that influence physical or virtual environments.
    5. Applicable Law –All national, state, and local (1) laws, ordinances, regulations, and codes and (2) orders, requirements, directives, decrees, decisions, judgments, interpretive letters, guidance and other official releases of any regulatory authority that apply to you or the performance of your obligations hereunder.
    6. Clickless Attribution Program - is Your engagement with eBay for a clickless program as described in Exhibit C and under an applicable statement of work (“SOW”) or insertion order (“IO”).
    7. eBay –eBay Inc. and eBay Corporate Family Members, collectively.
    8. eBay Corporate Family Member –An entity that controls, is controlled by or is under common control with eBay Inc. “Control ”means possessing, directly or indirectly, the power to direct or cause the direction of the management, policies and operations of such entity, whether through ownership of voting securities, by contract or otherwise.
    9. eBay Data –eBay Data shall have the same meaning as provided in the eBay Data Protection Requirements Addendum, attached hereto as Exhibit B. For clarity, EPN User Data (as defined in Section VI(A)) is eBay Data.
    10. eBay's Buy API Program   –an approved EPN program that permits Affiliates who have entered into an agreement with eBay, or an EPN approved third party, to display products or services that are listed on an Advertiser's digital property on a digital property that is owned and operated by the Affiliate and allow end users to purchase such products or services through eBay's API.
    11. Gross Merchandise Bought (“GMB ”) –The total purchase price paid by a buyer for a Qualifying Transaction, excluding any shipping fees and taxes.
    12. Link –A hyperlink embedded in a Promotional Method that allows an end user to click to Participating Sites and Content.
    13. Participating Sites and Content –Any Advertiser website or content that is promoted by Affiliates, as described in the applicable Program Details.
    14. Program –A performance-based marketing program to promote Participating Sites and Content as set forth in the applicable Program Details.
    15. Program Details –The terms and conditions that govern an Affiliate’s participation in a particular Program (available at https://partnernetwork.ebay.com/legal#program-details ).
    16. Promotional Content –Buttons, banners, widgets, text, Software Applications and other creative content that are used by Affiliates to promote Participating Sites and Content.
    17. Promotional Method –The methods by which Affiliates promote Participating Sites and Content, which may include Promotional Content.
    18. Promotional Tools –Tools or API platforms that may be provided by EPN or a third party that Affiliates may use to create their own Promotional Content.
    19. Qualifying Event –An activity by an end user (such as a purchase, app download, or qualifying click) that qualifies the Affiliate to receive compensation, including Qualifying Transactions and Qualifying clicks as described in the Program Details.   
    20. Software Application –A software application developed by an Affiliate to be used in a Promotional Method.
    21. Tracking Code –A tracking code provided by EPN that is embedded in Promotional Methods to track the Qualifying Events.
  2.  
  3. Registration and Your Account.
     
  1. Registration. To participate in the Network, you must agree to the terms herein and register to use the Network (registration page available at https://partner.ebay.com/ ) to use the Network. EPN will notify you if EPN accepts or rejects your application. EPN may in its sole discretion reject your application and terminate the Agreement for any reason without any compensation to you. You may not apply without EPN's prior written consent if EPN has previously terminated your account or if you are a vendor or agency of EPN. You may not register more than one account without prior written approval from EPN. EPN must accept your application before you may develop any Promotional Content or any Promotional Method.
  2. Accurate Information. You must provide EPN with and maintain complete and accurate information about you (including your payment and tax information) and your Promotional Methods during your participation in the Network. EPN has the right to confirm or verify the truth and accuracy of your registration and account information at any time in its sole discretion.
  3. Account Security. You are responsible for all activity on your Network account and for loss, theft or unauthorized disclosure of your password (other than as a result of EPN's gross negligence or willful misconduct or omission). You must provide EPN with prompt written notification of any known or suspected unauthorized use of your account or breach of the security of your account.
  4. Your Relationship with EPN and the Advertisers. Your participation in the Network and any Program do not constitute a direct contractual relationship between you and any Advertiser. However, Advertisers are explicitly designated as third-party beneficiaries to this Agreement in relation to rights they wish to rely upon or enforce against you. You may not misrepresent or embellish the relationship between EPN, the Advertiser and you.
  5. eBay and eBay's Programs. Your eBay account must be in good standing at all times in order for you to participate in the Network.
  1. Performance.
     
  1. Program Details . The Program Details define the Program, Qualifying Events, and specific terms of compensation that are applicable to any Program that you participate in. In the event of any conflict between the terms of this Agreement and the Program Details, the Program Details will control. If you participate in a Clickless Attribution program, the terms contained in Exhibit C shall apply.
  2. Code of Conduct . Your use of any Links, Promotional Tools, Promotional Content, or Promotional Methods are subject to the Code of Conduct attached as Exhibit A and incorporated herein by reference.
  3. Agents.
    1. Use of any Agents requires EPN’s prior written approval, which may be revoked at any time.
    2. You must ensure such Agent complies at all times with the terms set forth in the Agreement herein, the EPN Privacy Notice, the DPRA, and any applicable Program Details. You must document in writing their receipt and acceptance of such terms.
    3. You are limited to a single tier of Agent relationships.
    4. You may not work with Agents that have previously been terminated by EPN.
    5. You are responsible for your Agents’ activities in any Program. Any violation by your Agents of the Agreement shall constitute a violation by you, and EPN shall have full recourse against you with respect to such a violation, including without limitation, suspension, or termination from the Program, specific performance, injunctive relief, and attorneys’ fees.
    6. Your contract with your Agents shall expressly exempt EPN from any liability, except where such liability is solely due to the willful, negligent, or fraudulent conduct of EPN.
    7. Upon EPN's request you must provide documentation of all Agents ’:
      1. identifying information, which shall include:
        1. in the case of a natural person, the Agent’s first and last name, physical address, country, telephone number, and email address; and
        2. in the case of corporations, partnerships, proprietorships, limited liability companies, organizations, associations, cooperatives, agencies, or other legal entities, entity details and the first and last name, physical address, country, telephone number, and email address for the natural person or persons who own, manage, or control the Agent;
      2. unique tracking information; and
      3. acceptance of the Agreement, EPN Privacy Notice, the DPRA, and applicable Program Details.
    8. You must establish and maintain a functioning e-mail address or other internet-based mechanism for consumers to report complaints regarding any Agent and make best efforts to associate each complaint with the Agent that is the subject of the complaint. You must identify by tracking information and identifying information any Agent associated with any suspected violation of this Agreement. You must promptly investigate any complaints received through this mechanism and immediately terminate any Agent that you reasonably determine has engaged, or is engaging, in violations of Applicable Law or this Agreement. You must also provide to EPN all reasonable assistance in case one of your Agents is infringing the Agreement.
  1. Tracking and Reporting.
     
  1. Tracking. For EPN to track Qualifying Events, you must include and maintain the Tracking Code provided to you by EPN within your Promotional Methods. You may not modify the Tracking Codes in any Promotional Methods.
  2. Access to Tracking and Reporting Tools. EPN may provide you with access to tracking and reporting tools and other support services. Data from such tools and services are not available on a real-time basis and may have reporting delays.
  1. Compensation.
     
  1. Qualifying Events .
    1. Subject to other provisions in this Agreement you will be compensated for each Qualifying Event in accordance with the applicable Program Details. There may be exceptions to the rate card shown in the applicable Program Details for certain Affiliates or certain circumstances or as otherwise reflected in your contract, which may be viewed in EPN's partner portal. Compensation will be calculated based on EPN's tracking data at the end of each month.
    2. With respect to Qualifying Transactions only, if an end user has clicked on multiple Links from different Affiliates prior to a Qualifying Transaction (resulting in multiple cookies placed on the end user's computer), then, unless otherwise indicated in the Program Details, EPN shall only compensate the Affiliate whose Link was the last clicked by the end user so long as the applicable Advertiser did not conduct any promotional activities (a) subsequent to such click and prior to the Qualifying Transaction and (b) that would have placed a cookie overwriting the cookie from the last Affiliate’s Link.  
    3. EPN has the right to change any existing Program Details with respect to Qualifying Events and compensation in its sole discretion with three (3) days notice to you. This includes, without limitation, EPN instituting earnings caps for any affiliates to limit the amount of compensation that an Affiliate can earn through the program over a specified period of time (e.g. daily earnings cap). Such changes will apply only to activities occurring after the notice period.

 

  1. Payments.
    1. Timing. Subject to Section II.B (Accurate Information), each month, EPN will issue to you any positive balance in your account for transactions reported for the previous month, so long as your account balance exceeds the required minimum account balance of 10 USD (or the equivalent sum in the applicable currency), or the banking fees applicable to the transactions, whichever is greater. The number or amount of transactions, credits for payments and debits for chargebacks as calculated by EPN shall be final and binding on you, unless validly disputed by you within the eBay data retention policies. Disputes will be considered except under the following conditions:
      1. Partner account has been suspended by EPN for violations of the Network Agreement or violations of GDPR or other applicable law
      2. The necessary data to validate a dispute has been deleted or destroyed pursuant to EPN data retention policies
      3. You deleted your own data or closed Your account and therefore the data necessary for a dispute is no longer available
    2. Form of Payment. When you join EPN you can choose to be paid in one of the currencies listed in Section V(B)(3). If you do not select a currency EPN will select one for you. You can collect payments (a) with a verified PayPal account or (b) by direct deposit if available for your country of residence. The conversion rate will be determined in accordance with EPN's operating standards using the rates prevailing on the date the Qualifying Event is completed.
    3. EPN currently provides the opportunity to be paid in the following currencies: U.S. dollars (USD), British Pounds (GBP), Euros (EUR), Australian dollars (AUD), Canadian dollars (CAD), Norwegian krone (NOK), Israeli new shekel (ILS), Swedish krona (SEK), Singapore dollar (SGD), Danish krone (DKK), and Hong Kong dollar (HKD). EPN may, in its sole discretion, offer you the option to be paid in other currencies not specified herein, and it may discontinue offering and issuing payments in any particular currency at any time. EPN may charge a currency conversion fee for payments made in currencies other than U.S. dollars (USD), British Pounds (GBP), Euros (EUR), Australian dollars (AUD), and Canadian dollars (CAD).
  2. Taxes. You are responsible for any taxes that may be due in connection with your participation in the Network or otherwise on the services provided by you. EPN does not pay additional compensation to you for taxes. If the withholding of any tax is required in respect of any payment to you, EPN will (1) withhold the applicable amount from such payment and (2) pay such amount to the relevant authorities in accordance with any Applicable Law in the relevant jurisdiction(s). Upon request from you, EPN will provide a copy of the tax receipt documenting payment of the tax to the relevant authorities. You agree to complete and provide to us or to the applicable taxing authority at least 10 days prior to the payment due date, such forms, certifications or other documents as may be reasonably requested by EPN, to reduce or exempt withholding taxes with respect to payments made to you when and where required by Applicable Law. If it is later determined that EPN should have withheld and/or paid additional tax but did not withhold or pay such tax, then you shall pay the applicable tax and hold EPN harmless from any penalties or interest thereon.
  3. Non-Payment, Withholding, Reversal and Chargebacks
    1. Notwithstanding anything to the contrary herein, EPN shall have no duty to pay you for Qualifying Events during any current or previous month when you were in breach of this Agreement. In the event that you dispute that you are or were in breach of this Agreement or an agreement covering your participation in eBay's Buy API Program (if applicable), or that EPN in its sole discretion has reason to believe that you or your Agent(s) have breached this Agreement or have engaged in potentially fraudulent activities, and such dispute is resolved in your favour, EPN shall reimburse you in respect of any payments which have been withheld pursuant to this clause in accordance with clause V E.1.  
    2. EPN may debit your account in an amount equal to a payment previously made to you or a compensation that has been credited to your account, but has not been paid yet, if EPN determines in its sole discretion that there has been (a) duplicate entry or other clear error; (b) non-bona fide transactions or other fraudulent activity; (c) a breach of, or other failure to complete or reversal of a Qualifying Transaction; or (d) failure to comply with any terms of this Agreement. EPN may apply a chargeback to your account at any time, including previous payment cycles. In the event that you dispute EPN's determination under this clause and such dispute is resolved in your favour, EPN shall reimburse you in respect of any debits made to your account in accordance with clause V E.1.
    3. EPN will make all commercially reasonable efforts to pay any positive balance that is due to you. In certain circumstances, based on EPN's records, it may not be possible for EPN to pay you because for a period of 24 months or more: (a) your account has been inactive, meaning that you have not logged into your account or you have not accepted funds, payments or other amounts that EPN has attempted to pay or deliver to you; (b) EPN has been unable to reach you, or has not received adequate payment instructions from you, after contacting you at the email address shown in EPN's records; or (c) you have not generated the minimum amount of commissions to qualify for payment. In these circumstances, EPN may, without further notice to you, turn the unpaid or undelivered amounts over to the applicable regulatory authorities in accordance with Applicable Law.
    4. In the event you are found to be in violation of the General Data Protection Regulations (GDPR) as described in the Agreement, in additional to any penalties levied by any European National Authorities, EPN may immediately cease all payments, reverse or retain any earnings accrued but not yet paid, and close your account. 
  4. Tracking and True-Up Payments
    1. In cases where EPN discovers that EPN has failed to capture all Qualifying Events, or when a determination was made by EPN pursuant to clauses V.D(1) or V.D(2) and resolved in your favor, EPN shall strive to determine the discrepancies between intended and actual Qualifying Events and conduct true-up payments, and either pay you for valid payments which were withheld or return debits made during a dispute period. If EPN deems appropriate, EPN may design a methodology for calculating true-up payments in EPN's sole discretion. 
  1. Privacy and Data.
     
  1. User Information Received from EPN . In connection with your participation in the Network and the Programs, EPN may make available certain information that relates to an EPN or eBay user, browser or device (“EPN User Data ”). EPN User Data is EPN's Confidential Information. You may not use EPN User Data other than for the purpose for which it was provided to you, and under no circumstances to create or augment audience profiles.
  2. EPN Access to Affiliate End User Data . EPN may request access to information regarding your end users when necessary to enforce EPN's rights under this Agreement or to verify your compliance with your obligations under this Agreement. You agree to provide EPN with access to such information.
  3. Affiliate’s Compliance with Relevant Privacy Regulations .
    1. You must maintain and post a privacy notice in your websites or applications that complies with all Applicable Laws, including full and accurate disclosure of:
      1. your collection, use and disclosure of visitor information,
      2. your use of third-party technology, including EPN's tracking technology,
      3. your use of cookies and options for discontinuing use of such cookies.
    2. You agree that you are responsible for all personally identifiable information that you collect from end users and that you must obtain valid consent from end users to collect, use or disclose this information as required by Applicable Law. You further agree that unless you have the valid consent of the end user, you may not enable the Tracking Code to collect any personally identifiable information from end users or otherwise profile end user activities.
  4. DPRA Requirements. By participating in the Network, you agree to comply with the terms of the DPRA attached as Exhibit B and incorporated herein by reference, as the same may be updated from time to time.
  5. Use of eBay Data.  You acknowledge and agree that you will only use eBay Data for the sole purpose of participating in a Program and as otherwise directed or approved by EPN in writing. For the avoidance of doubt, you acknowledge and agree that you have no ownership of, or right to use, sell, rent lease, copy, access, combine, reproduce, display, perform, modify, transfer, or disclose eBay Data, or any derivative works thereof, except as expressly provided in this Agreement or as otherwise agreed to by EPN in writing. Additionally, you agree not to disclose any eBay Data to any third parties, except as indicated in this Agreement or as otherwise agreed to by EPN in writing. You will immediately discontinue any use of eBay Data and destroy all eBay Data in your possession upon the earlier of (i) EPN's request or (ii) termination of your account from the Network.
  6. Audience Sharing . If you participate in audience sharing, you must update your audience/user lists (“Audience Segments ”)  at least every seven days with information provided by EPN or its authorized third-party and delete all previous versions of the Audience Segments immediately upon receipt of such updated information. You agree that this means you will delete Audience Segments received from EPN or its authorized third party daily, and you will not accumulate, or store, previous version of Audience Segments (or similar information, regardless of name) received from EPN or its authorized third party. You also agree that the Audience Segments are eBay Data, and as such, your use of the Audience Segments will comply with all other terms contained in this Agreement and the attached DPRA relating to use of eBay Data.
  1. Compliance, Audits and Remedies.
     
  1. Supplier Code of Conduct . In participating in the Network, you agree to abide by the eBay Supplier Code of Conduct available at https://www.ebayinc.com/supplier-code-of-conduct/, as the same may be updated from time to time.
  2. Right to Audit. EPN and its service providers have the right to audit your or your Agent’s sites or activities in relation to your and your Agent’s participation in the Network and the Programs. You shall not block or otherwise interfere with such audit, and EPN and its service providers may use technical means to overcome any methods you may use to block or interfere with such audit. To the extent not prohibited by Applicable Law, audits may include requests for documents and server logs, and visits to your facilities and those of your Agents. Your failure to reasonably comply with EPN’s efforts to audit your or your Agents’ compliance with this Agreement shall constitute a material breach of this Agreement. If Applicable Law does not allow you to share server logs with EPN, you must provide EPN with other proper proof of traffic that you sent to Participating Sites and Content.
  3. Remedy for Breach. If EPN in its sole discretion believes that you or your Agents have breached this Agreement or that you or your Agents have engaged in fraudulent activity, it may take any and all steps it deems appropriate including without limitation:
    1. Issue a warning;
    2. Conduct an investigation;
    3. Suspend your account from participating in a specific Program or from the Network as a whole;
    4. Terminate your account from a specific Program or from the Network as a whole; or
    5. Withhold or recover any compensation.
      In addition to any other available remedies, EPN may seek specific performance, injunctive relief and/or attorneys’ fees in its sole discretion acting reasonably.
  4. Suspension. – If EPN suspends your account from the Network or a Program, you will no longer get paid for any future activity. You are required to immediately remove all Promotional Methods. EPN in its reasonable discretion, and after considering the legitimate business interests of eBay, may reinstate your account in the event you have taken all necessary remedial actions to EPN's satisfaction.
  5. Appealing.  –If for any reason EPN determines You are in violation of any part of this Agreement, or if you have been suspended, you may appeal the decision and provide additional information to support your position by using this link: https://partnernetwork.ebay.com/resources/contact-support.
  1. Intellectual Property.
     
  1. Promotional Content. When your application to the Network is accepted, EPN grants you a revocable, non-exclusive, non-transferable (unless EPN approved your use of Agents), worldwide, royalty-free license to display Promotional Content for the duration of your participation in a Program.
  2. Promotional Tools. When your application to the Network is accepted, EPN grants you a revocable, non-exclusive, non-transferable (unless EPN approved your use of Agents), right to use the Promotional Tools that EPN makes available to you solely to facilitate your participation in the Program. EPN reserves all rights in the Promotional Tools, including all intellectual property rights. The use of a Promotional Tool may be subject to further terms and conditions that you must accept.
  3. Use of Your Marks. You authorize EPN and the Advertisers for the Programs that you are participating in to use your trademarks, service marks, tradenames, company names and copyrighted material that you provide to promote your participation in the Program.
  4. Your Use of eBay Proprietary Rights. You acknowledge that you obtain no proprietary rights in eBay’s or any eBay Corporate Family Member’s trademarks, service marks, trade names, URLs, copyrighted material, patents and patent applications or other intellectual property, and agree not to challenge eBay’s or any eBay Corporate Family Member’s proprietary rights in any way. You must use all EPN provided content and services in a way that does not, in EPN’s sole discretion, blur or dilute, tarnish or adversely affect eBay’s or any eBay Corporate Family Member’s proprietary rights.
    1. Your company name, keyword for paid search, trademark, trade name, brand, shop sign, domain name, or URL (specifically, any term before the third “/”of your URL) may not (a) incorporate in part or in full any of eBay’s trademarks, trade names, company names, brands, shop signs, domain names or URLs (including the translations and transliterations), any variations thereof, or any terms confusingly similar to any of the above as determined by eBay in its sole discretion; or (b) consist of a generic or descriptive term followed by “Bay ”. You may not display your company name, branding or trademark in an uneven, staggered, multi-color format that in EPN’s sole discretion invokes the distinctive multi-color eBay logo.
    2. Use of eBay Corporate Family Members’ Names and Logos . You may use eBay’s name or logo in the name of a software tool or application only in accordance with the requirements below and subject to EPN’s prior written approval:
      1. You may use “eBay ”only in a descriptive manner. For example, “eBay Fee Calculator” is not acceptable while “Fee Calculator for eBay” would be acceptable.
      2. You must capitalize “eBay” as “eBay” or “EBAY” only.
      3. You may not combine a generic or descriptive name with the “BAY” prefix or suffix (e.g., “CalculatorBay” or “eBaygle”).
      4. You may not use eBay as a verb (e.g., “eBaying”).
      5. You may not modify any eBay logo provided to you by EPN.
      6. You may only use one color if you use block letters to display an eBay Corporate Family Member’s name; multiple colors invoking the eBay Inc. logo is prohibited.
      7. You may not use an eBay logo within a sentence.
  5. Retention of Rights. Any and all proprietary rights, goodwill and other benefits and rights resulting from the use hereunder of trademarks, trade names or company name inures to the benefit of the owner.
  6. Third-Party Disputes. In the event of a third-party claim against EPN’s or the Advertiser’s intellectual property or right to offer any service or good or if such a claim is likely in EPN’s opinion, EPN shall have the right, in its sole discretion, to take any action to terminate the practices responsible for such third party claims and/or to secure, at its expense, the right to continue using the intellectual property or good or service, and/or to replace or modify the same to make it non-infringing or without misappropriation.
  1. Confidentiality. In connection with your participation in the Network and the Programs you may be provided with data and information that is confidential and proprietary to EPN or the Advertiser(s), as is designated by the disclosing party or that is reasonably understood to be proprietary or confidential (“ Confidential Information ”). Confidential Information does not include information: (a) that is or becomes publicly available through no act or omission of the receiving party; (b) disclosed to the receiving party by a third party not bound by any confidentiality obligation with respect to such information; (c) developed by the receiving party independent of the disclosing party's Confidential Information; or (d) that is in the possession of the receiving party and not subject to any duty of confidentiality as of the date you accept the terms of this Agreement. You agree to use the same degree of care, but no less than a reasonable degree of care, to maintain the confidentiality of and to protect any proprietary interests of EPN or the Advertiser. You may deliver a copy of such Confidential Information (i) pursuant to a subpoena issued by any court or administrative agency, (ii) to your accountants, attorneys or other agents (“ Representatives ”) solely on a need-to-know basis in connection with the performance of your obligations or rights under this Agreement and the applicable Program Details; provided that (x) you are responsible for the compliance of your Representatives hereunder and (y) such Representatives shall be subject to a written confidentiality agreement or otherwise subject to fiduciary obligations of confidentiality covering the confidential treatment of Confidential Information, with confidentiality restrictions no less protective than those provided in this Agreement and (iii) otherwise as required by Applicable Law, upon written notification to EPN. Upon termination of this Agreement or your participation in a Program, you must destroy or return any Confidential Information provided to you under this Agreement and, if requested by EPN, provide a certification of destruction.
  2. Term and Termination.
     
  1. Term. The term of this Agreement begins when you accept the terms of this Agreement at registration and shall continue until terminated in accordance with the terms of this Agreement. EPN’s rejection of your application automatically terminates the Agreement.
  2. Termination by Affiliate You may terminate this Agreement upon three (3) days’ written notice.
  3. Termination by EPN or an Advertiser
    1. Without Cause. EPN may terminate (i) this Agreement, (ii) your account, (iii) any of your Agents, (iv) your use of a Promotional Method, or (v) your participation in a certain Program, at any time for convenience in its sole discretion upon three (3) days’ notice.
    2. With Cause. EPN may terminate (i) this Agreement, (ii) your account, (iii) any of your Agents, (iv) your use of a Promotional Method, or (v) your participation in a certain Program, for cause with immediate effect. Incidents that may cause EPN to terminate this Agreement for cause include, but are not limited to:
      1. If EPN suspects that you or your Agent are responsible for the improper functioning of Links, Promotional Content or Promotional Tools or if you otherwise interfere with or fail to maintain the Tracking Code.
      2. If a third party disputes your right to use any link, domain name, trademark, service mark, trade dress, or right to offer any service or good offered through any of your Promotional Methods.
      3. If EPN determines you are diluting, tarnishing, blurring or adversely affecting an Advertiser's proprietary rights.
      4. If EPN suspects that you or your Agent are engaging in deceptive practices or false advertising.
      5. If you engage an Agent who eBay has previously prohibited from participating in the Network.
      6. If you and EPN are unable to mutually agree upon a written remediation plan for your failure to comply with the obligatory portions of the eBay Supplier Code of Conduct as described in Section VII.A.
  4. Termination of Programs. Programs and Program Details may be discontinued at any time.
  5. Post-Termination.
    1. Upon termination EPN will deactivate all accounts that are linked to you as a participant in the Network. You shall no longer accrue payments in your account, including but not limited to subsequent Qualifying Events where the clicks on the Links occurred prior to termination. If EPN terminates this Agreement for cause, you may not register for the Network again or participate in the Network as an Agent for another Affiliate.
    2. Subject to the payment terms in Section V(D), upon termination of this Agreement, EPN will pay any outstanding payments to you within ninety (90) days of the termination date, and you must pay us any outstanding debit balance within thirty (30) days of the termination date. Upon termination of this Agreement, you must immediately remove all Promotional Methods. Provisions of this Agreement that by their nature and context are intended to survive the termination of this Agreement (e.g. audit, confidentiality, indemnification, limitation of liability, misc., etc.), shall survive the termination of this Agreement to the extent that and as long as is necessary to preserve a party’s rights under this Agreement that accrued prior to termination.
  1. Representations, Warranties, and Disclaimer of Warranties.
     
  1. Authority. You represent and warrant that you are over 18 years of age and authorized to consent to this Agreement, the EPN Privacy Notice, the DPRA, and applicable Program Details on behalf of your company, if applicable.
  2. Compliance with Law. You represent and warrant that your participation in the Network and the Programs is and shall be in compliance at all times with (1) Applicable Law and (2) the best practices in any jurisdiction in which you target your Promotional Methods.
  3. Non-Infringement Warranties. You represent and warrant that (1) you have all appropriate authority to operate and to provide content on your website(s); (2) you have all appropriate authority to use any Promotional Method you may choose to use; and (3) any Promotional Content you create, your website(s), any trade names or trademarks used in connection with the Network, and your Promotional Methods do not and shall not infringe any third party's or eBay's intellectual property or proprietary rights.
  4. Not Currently Under Investigation. You warrant that you are not currently under order or investigation by any federal, state, local or international regulatory or law enforcement organization. You must inform EPN if you become under such order or investigation at any point during your participation in the Network.
  5. Disclaimer of Warranties. EXCEPT AS SET FORTH IN THIS AGREEMENT, EPN MAKES NO OTHER REPRESENTATION OR WARRANTY, INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY AND OF FITNESS FOR A PARTICULAR PURPOSE.
  1. Indemnification Obligations; Limitation of Liability.
     
  1. Indemnification Obligations. You shall defend, indemnify and hold harmless EPN and the Advertisers and their respective officers, directors, employees, corporate affiliates, subsidiaries, agents, and subcontractors (collectively, the “Indemnified Party ”) against all claims, liabilities and expenses claimed or incurred by an Indemnified Party as a result of any third party claim (collectively, “Claims ”) directly or indirectly arising from or related to (1) any breach by you or your Agents of this Agreement or the Program Details, (2) violation by you or your Agents of Applicable Law, (3) distribution or use of Promotional Methods or Promotional Tools by you, your Agents, or anyone else that you are affiliated with, including, without limitation, any claims relating to advertisements or content; (4) acts or omissions by you or your Agents in using, displaying or distributing any Links, including but not limited to your use of Links in Promotional Methods; (5) any claim that the Indemnified Party is obligated to pay tax obligations in connection with payment made to you pursuant to this Agreement or any Program Details, (6) any violation or alleged violation of any rights of another, including breach of a person’s or entity’s intellectual property rights, (7) your and your Agents participation in the Network or Program(s), and (8) claims arising in connection with any goods or services you or your Agents make available to any person. Should any Claim give rise to a duty of indemnification under this Section, the Indemnified Party shall promptly notify you and will cooperate with you at your expense in the defense of such Claim. The Indemnified Party will be entitled, at its own expense, to participate in the defense of such Claim. Should any Claim give rise to a duty of indemnification, you are obligated to participate in the defense of such claim if requested to do so by the Indemnified Party. Participation in the defense shall not waive or reduce any of your obligations to indemnify or hold the Indemnified Party harmless. You shall not settle any Claim without the Indemnified Party’s prior written consent, and you shall indemnify for any reasonable attorneys ’fees or other costs incurred by an Indemnified Party in investigating or enforcing this Section.
  2. Limitation of Liabilities. ANY OBLIGATION OR LIABILITY OF EPN UNDER THIS AGREEMENT SHALL BE LIMITED TO THE TOTAL OF THE PAYMENTS EPN PAID TO YOU UNDER THIS AGREEMENT DURING THE TWELVE MONTHS IMMEDIATELY PRECEDING THE CLAIM. THE EXISTENCE OF ONE OR MORE CLAIMS WILL NOT ENLARGE THE LIMIT. NO ACTION, SUIT OR PROCEEDING SHALL BE BROUGHT AGAINST EPN PURSUANT, OR IN ANY WAY RELATED, TO THIS AGREEMENT MORE THAN ONE YEAR AFTER THE TERMINATION OF THIS AGREEMENT. YOU AGREE THAT NEITHER EPN NOR EBAY SHALL BE LIABLE TO YOU, OR ANY THIRD PARTY, FOR ANY CONSEQUENTIAL, EXEMPLARY, SPECIAL, INCIDENTAL OR PUNITIVE DAMAGES ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, INCLUDING, BUT NOT LIMITED TO LOSS OF GOODWILL, LOST PROFITS, BUSINESS INTERRUPTION, LOSS OF PROGRAMS OR OTHER DATA, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR CLAIM.
  3. Remedies. No remedy or election shall be deemed exclusive but shall, wherever possible, be cumulative with all other remedies at law or in equity.
  4. Benefit of the Bargain. The provisions of this Section are an essential element of the benefit of the bargain reflected in this Agreement.
  1. Miscellaneous.
     
  1. Choice of Law/Attorneys’ Fees. This Agreement and the Program Details are governed by the laws of the State of California (USA), except for its conflict of law provisions. The exclusive forum for any actions related to this Agreement and the Program Details shall be in the state courts and, to the extent that federal courts have exclusive jurisdiction, in San Jose, California. The parties consent to such venue and jurisdiction and waive any right to a trial by jury. The application of the United Nations Convention on the International Sale of Goods is expressly excluded. Your access or use of the Network where illegal is prohibited. You expressly waive and withdraw your rights under any law or statute conferring jurisdiction on the basis of nationality to courts other than the ones expressly designated above.
  2. English You accept that the English versions of this Agreement, the EPN Privacy Notice , the DPRA, and the applicable Program Details found on the registration page located here shall be controlling in all respects. Translations of these documents that may be provided are for your convenience only.
  3. Amendment. EPN may amend this Agreement by notifying you by email to the address on your account. Except as stated otherwise in this Agreement or elsewhere, all amended terms shall become effective three (3) days after they are initially published on the Network website. EPN may establish from time to time rules and regulations for the Network as published on the Network website or in the Network and incorporated herein.
  4. Assignment. Neither party may assign this Agreement without the prior written approval of the other party. Notwithstanding the foregoing, your consent shall not be required for EPN's assignment or transfer (1) due to operation of law, or (2) to an entity that acquires substantially all of EPN's stock, assets or business, or (3) to a related entity (e.g., parent or subsidiary of parent).
  5. Force Majeure. EPN shall not be liable for any delay in performing or failure to perform its obligations hereunder, or for suspension or termination of services under this Agreement, to the extent that and for so long as the delay, failure, suspension, or termination results from or is necessitated by any act, event, non-happening, omission or accident beyond its reasonable control (a "Force Majeure Event"). Force Majeure Events shall include but not be limited to war, strikes, industrial action, lock outs, internet downtime, accidents, fire, blockade, import or export embargo or other international sanctions, terrorism or threat of terrorism, natural catastrophes or any other cause beyond their commercially reasonable control. In the event of a Force Majeure Event, EPN may make changes to the affected aspects of the Program Details (including without limitation the Rate Card) without providing any advance notice. 
  6. Intended beneficiaries. Although Advertisers are explicitly designated as third-party beneficiaries to this Agreement in relation to rights they wish to rely upon or enforce against the Affiliates, in no circumstance may Affiliates or their Agents rely upon or enforce any terms of this Agreement against Advertiser. Agents shall not be deemed third-party beneficiaries pursuant to this agreement and may not rely upon or enforce any terms of this Agreement against EPN.
  7. No Partnership or Joint Venture. Nothing in this Agreement shall be construed as creating a partnership, joint venture or agency relationship of any kind between the parties. Neither party shall have the authority or power to bind the other or to contract in the name of or create a liability against the other in any way or for any purpose.
  8. Notices. All notices must be in writing. Notices will be deemed given: (1) if delivered in person, upon receipt; (2) if delivered by registered mail, return receipt requested, or by an internationally recognized express mail carrier, upon delivery; or (3) if delivered by email, upon delivery. Notice may only be sent to EPN in person or by registered mail at: eBay Partner Network, Inc., Attn: Legal Dept., 2145 Hamilton Avenue, San Jose, CA 95125. Notices may be sent to you via any of the methods described above according to the information provided by you in your account.
  9. Severability/No Waiver. If any provision of this Agreement is held by any court of competent jurisdiction to be illegal, null or void or against public policy, the remaining provisions of this Agreement shall remain in full force and effect. The Parties shall in good faith attempt to modify any invalidated provision to carry out the stated intentions in this Agreement. The waiver of any breach of any provision under this Agreement by any Party shall not be deemed to be a waiver of any preceding or subsequent breach, nor shall any waiver constitute a continuing waiver.
  10. Entire Agreement. This Agreement, including the EPN Privacy Notice (available at https://partnernetwork.ebay.com/legal#privacy-notice ), the DPRA, and applicable Program Details, in each case incorporated herein by reference, is the entire agreement between the parties pertaining to its subject matter and supersedes all prior written or oral agreements (including prior versions of this Agreement and any conflicting confidentiality agreements), representations, warranties or covenants between the parties with respect to such subject matter.

 

 

Exhibit A: Code of Conduct

Code of Conduct

To promote ethical and legal business practices, EPN requires that all Affiliates comply with the requirements in this Code of Conduct (“Code of Conduct ”).

Contents

 

  1. Guidelines and Accepted Promotional Methods. Subject to the EPN Browser Extension Policy located at https://partnernetwork.ebay.com/page/browser-extension-policy-update and to the licenses granted in Section VIII of the Agreement:
    1. Links. EPN may provide you with Links to promote Participating Sites and Content. You may not modify a Link unless it is specifically designed to be modified, and then only within the parameters provided by EPN. If the Links you use are not dynamically updated, you must update the Links upon notification from EPN.
    2. Promotional Content. EPN may provide you with pre-approved Promotional Content. You may not modify any of this Promotional Content without obtaining EPN's prior written approval. For example, removing watermarks from (or otherwise editing) an image provided by EPN is prohibited unless you have received EPN's prior written approval. If you wish to create your own Promotional Content, you must first obtain EPN's prior written approval. If EPN requests, you must stop using any Promotional Content. All Promotional Content that you create must comply with the Agreement, this Code of Conduct, and any additional restrictions or guidance provided to you by EPN.
    3. Promotional Tools. EPN may provide you with Promotional Tools for creating your own Promotional Content; for example, an API platform. You agree to:
      1. Obtain EPN's prior written approval if you create new tools and applications using the Promotional Tools.
      2. Use any Promotional Tools only in a lawful manner and only in accordance with the terms of this Agreement and any additional terms applicable to the Promotional Tool;
      3. Use any Promotional Tool only for the Participating Sites and Content for which it is intended. You may not use any Promotional Tools to drive transactions for any other sites or content;
      4. Not corrupt, modify or disable the Promotional Tools; and
      5. Not sell, redistribute, sublicense or transfer the Promotional Tools.
    4. Prior Consent. Unless expressly permitted under this Code of Conduct, all Promotional Methods are subject to EPN's prior written approval, which may be revoked in EPN's sole discretion at any time. You agree that you will immediately terminate any Promotional Method at any time at EPN's request. EPN's approval of any Promotional Method shall be limited to the Program for which it was approved.
    5. Clear and Not Deceptive. All Promotional Methods you use must be clearly recognizable as an advertisement for the relevant Participating Sites and Content and not deceptive. You must also secure permission before using any materials protected by third parties’ intellectual or proprietary rights (including without limitation copyrights, trademark rights, patent rights and rights of publicity).
    6. Social Media.  You may use Links on social media sites that allow posting of affiliate marketing links. It is permitted to use URL shortening services offered by eBay (eBay.us), Bitly (Bit.ly), Google (Goo.gl and FDL), Hootsuite (Ow.ly), Buffer (Buff.ly) and Geniuslink (geni.us) to promote through your social media accounts.
    7. Disclosure about Relationship with EPN.  FOR ALL PARTNERS GLOBALLY, regulatory agencies in your country mandate some form of disclosure regarding your relationship to EPN. For example, in the United States the Federal Trade Commission requires disclosure of any material connection or relationship when you endorse or promote a product or service to your readers, unless the connection is already clear from the context of the communication containing the endorsement/promotion. Affiliate links are considered such a material connection. Depending on your primary business location, you will also have legal requirements to disclose your affiliate relationship. EPN has developed a set of informational guidelines to help you understand the requirements for your location, which can be found here: Affiliate Disclosure FAQ . EPN will conduct checks from time to time to ensure you are in compliance with regulatory requirements globally. 

This information is not legal advice, and is provided only as informational guidance. You are required to ensure you meet all legal requirements for your area, and are advised to consult legal counsel to ensure you are in legal compliance with your regulators. 

  1. Personal Network. You may promote to your family members, relatives, and friends in accordance with the policies in this Code of Conduct. However, the products purchased must be used for their personal use, and not for resale.
  2. Search Engine Optimization Guidelines. Your domain name, title and description of your website and the metatags you use must be relevant to the Promotional Content and your website must only appear in a search engine’s result when the content of your website relates to the applicable search query. Your search engine optimization methods must comply with guidelines or best practices published by the applicable search engine.
  3. Paid Traffic Sources.
  1. If you buy paid traffic, linking from paid placements or paid search placements to a non-Advertiser domain is allowed as long as you do not immediately or automatically redirect end users to Advertiser sites and services. Also, if you buy traffic to your sites through sponsored links, you must ensure that all campaigns add these domains to their list of excluded sites, and add “eBay ”as a negative keyword.
  2. Linking from social media advertising methods (e.g. Facebook boosted Posts) directly to the Advertiser’s domain is permitted.
  1. Compliance with Applicable Laws. As required in Section XI (B) of the Agreement, you are required to comply with all relevant laws and regulations associated with your participation in the Network. Accordingly, you are responsible to ensure that all marketing and advertising materials you use in participating in the Network comply with all applicable laws and regulations. For example, local laws may require you to display base unit price (BUP), energy consumption labeling (EEK), and other specific information when advertising certain products via Product Listing Ads or similar methods, which you must comply with if applicable to you.
  1. Restricted Promotional Methods. You may not engage in the following Promotional Methods without the prior written approval of EPN. The application to get an approval can be made from here.
    1. Incentive Programs. Your Promotional Methods may not directly or indirectly offer any reward or incentive for any Qualifying Event without EPN's prior written approval. Any subsequent change to an approved incentive program also requires EPN's prior written approval.
    2. Electronic Communications. You may not promote Participating Sites and Content using email or other forms of electronic communication (for example, SMS, instant messaging, or IRC) without EPN's prior written approval. If you are permitted to use such electronic communications:
      1. They must comply with the requirements of Applicable Law, such as the CAN-SPAM Act of 2003 as in effect at any given time.
      2. EPN's or Advertiser's name may not appear in the “from” line of the message.
    3. Paid Traffic Sources. Without EPN's prior approval, you may not direct traffic from Promotional Content or Links served by ad networks or their agents directly to Advertiser sites and services.
    4. Software Applications. You will not promote Participating Sites and Content using Software Applications without EPN's prior written approval. Such Software Applications must comply with the additional terms in this Section. EPN reserves the right to immediately terminate any Software Applications at any time, with or without notice or cause.
  1. Installation Requirements.
    1. Your Software Application may be provided only to end users who affirmatively consent to install it. Your Software Application may not trick end users into installing it.
      1. Before your Software Application is installed, you must clearly and conspicuously disclose the principal and significant functions.
      2. If your Software Application collects or transmits personal information about end users, you must clearly and conspicuously disclose this information in general terms and offer a full privacy policy. After you have made these disclosures, you must request an end user's consent to proceed with installation.
    2. EPN prohibits Software Applications installed in any type of bundle with other software of any kind without EPN's prior written approval. EPN shall determine in its sole discretion what functions constitute bundling, which may include installation bundling. For example, a function in a web browser software that affixes your company’s site as the browser’s start page would constitute a bundling arrangement between your company and the browser software.
    3. Your Software Application must be easy for end users to remove, using standard practices appropriate for the supported operating system(s) or other platform(s).
  2. Operation Requirements. Your Software Application may send a user to a Participating Sites and Content via a Tracking Code only in an immediate response to a user's deliberate and voluntary click (or, for a touch-capable device, tap) on a clearly-labeled Link. Except for any perpetual search box, toolbar button, or similar mechanism that is on screen at all times, your Software Application may not present ads for any other sites, services, Advertisers, or offers when a user visits Participating Sites and Content or when Participating Sites and Content is open on a user's computer or mobile device. Your Software Application is prohibited if in EPN's sole discretion it is likely to confuse the end user or trick the end user into thinking the Software Application is part of the Participating Sites and Content. 
  3. Advance Review and Approval by EPN. Before distributing any Software Application or participating in any Program, you must provide EPN with a complete statement of the characteristics of your Software Application. Before EPN provides its approval, you must integrate your Software Application with EPN so EPN may evaluate the integration and its effect on Advertisers ’brand and Advertisers’ customer experience. EPN will withhold all compensation for traffic directed through Software Applications not approved by EPN. If a new version of your Software Application makes material changes to your participation in the Network, you must provide EPN with a complete statement of such changes for written approval. For purposes of this Section, “material changes” include any change to the methods of installation of your Software Application, the partners who distribute your Software Application, or the circumstances in which your Software Application sends end users to Participating Sites and Content.
  4. Software Application Prohibited Behaviors.
  1. You may not promote the Network through any Software Application that provides, or purports to provide, sniping functionality; that automatically places bids on behalf of end users; or that automatically makes purchases on behalf of end users.
  2. You may not operate or distribute Software Applications or participate in any Programs through any Agents or other intermediaries.
  3. Subject to EPN's prior written approval, you may not use pop-ups, pop-unders, sliders, or sidebars to promote any Participating Sites and Content, nor may you modify the presentation or appearance of another web site as seen in a user's web browser. EPN may approve such practices if all such modifications are consistent with the user experience disclosed at the time of installation, if all modifications include clear and conspicuous labels disclosing the modification and provide a mechanism for end users to obtain details, if modifications are not likely to confuse end users, and if your offering in EPN's sole discretion genuinely delivers real and significant value to end users.
  4. Your Software Application may not attempt to evade testing, and may not attempt to conceal its practices. The practices of your Software Application should be consistent when run in a virtual environment, from varying IP addresses, and at varying times of day and days of the week.
  5. Worms, viruses, and trojan horses are strictly prohibited.
  1. Using Software Applications Provided by Others. If you contract, directly or indirectly, to use a Software Application provided by another person or entity, you are responsible for complying with the requirements of this Section exactly as if the Software Application were your own.
  1. Use of AI tools: .

a.  You may not promote the Network through any generative artificial intelligence model or tool (“GenAI”) licensed from or otherwise made available by a third-party (“GenAI Provider”) if the tool ingests any eBay Data or information regarding eBay without the prior written consent of EPN.

b. Any partner using GenAI to promote the Network must do so within the DPA Requirements outlined here.

  1. Additional Restricted Promotional Methods . Any Promotional Method that is not expressly permitted or prohibited under this Code of Conduct is a Restricted Promotional Method and cannot be used without EPN's prior written approval. Examples of these include:
  1. distribution of Promotional Content via Agents, distribution partners, or via ad networks;
  2. promotional Content created by a developer’s program tool or API; or holding in-person trainings and classes.
  1. Prohibited Promotional Methods. You may not engage in the following Promotional Methods
    1. Cookie Stuffing. You may not stuff cookies or other tracking tags on an end user's computer without any affirmative action by the end user. End users that are only viewing your website, Promotional Content or advertisements or while your applications are merely active or open have not taken any affirmative actions.
    2. Non-Bona Fide Qualifying Events.  You may not cause Qualifying Events to be made in bad faith, including but not limited to using invisible methods to generate impressions, clicks or transactions that are not initiated by the affirmative and genuine action of an end user, or using any cookie, device, program, robot, iframe or hidden frame, pop-up window or any other operation or process that interferes with EPN's ability to properly identify and track transactions. Any method that artificially generates clicks, impressions, or activity is prohibited. This includes, but is not limited to, clicks or impressions generated when you or your Agents click on your own Promotional Content containing Tracking Code, automated clicking tools or traffic sources, robots, or other deceptive software. To be considered valid, clicks and conversions must result from genuine user interest. EPN will use its sole discretion to determine instances of invalid click activity, which may come in different forms and may include activity not due to any deliberate action on your part. EPN is not obliged to disclose details about the functioning of EPN's fraud detection systems. Because EPN needs to protect its proprietary detection system, EPN may be unable to provide you with all information about your account activity, including any web pages, end users, or third-party services that may have been involved in fraudulent activities.
    3. Improper Influence. You may not make your own advertising claims. You may not interfere with or seek to improperly influence the referral of an end user to Participating Sites and Content. You may not mislead or trick an end user in any way into clicking on a Link. It must be clear for end users where they are being directed at all times.
    4. Middle Servers and URL Cloaking Services. You may not redirect any traffic to middle servers for the purpose of masking your referring source of traffic. This includes any URL shortening services other than the ones noted in Section I.F.
    5. Unacceptable Placements.
      1. Your Promotional Methods may not incorporate any topics that EPN in its sole discretion considers to fall in any of the following categories:
        1. sexually explicit materials
        2. violence
        3. firearms or weapons
        4. illegal goods, services or activities
        5. gambling or betting
        6. discrimination based on race, sex, religion, nationality, disability, sexual orientation, or age
        7. libel or defamation
        8. content aimed at children
        9. content that is otherwise misleading, obscene or hate-oriented
        10. sniping functionality (meaning the act of including Links in software or a service that automatically places bids or makes purchases via Buy It Now on behalf of eBay members)
        11. malicious functionalities, such as malware or spyware
      2. Your Promotional Methods may not engage in misleading activities with respect to title and page description, search engine manipulation, the unlawful use of meta-tags, or otherwise in any manner that EPN in its sole discretion would consider to fall within any of the following categories:
  1. typo-squatting
  2. domain-parking
  3. banner-farming
  4. comment-spamming
  1. Your Promotional Methods may not violate the EPN Browser Extension Policy ( https://partnernetwork.ebay.com/page/browser-extension-policy-update ) or:
  1. serve a pop-up or pop-under for any Participating Sites and Content in connection with other pop-ups or pop-unders, except to the extent such pop-ups or pop-unders have been disclosed to and approved by EPN as part of a browser extension that was approved by EPN as a Software Application under Section II [Restricted Promotional Methods], above.
  2. contain dialers or any software that is automatically downloaded without express consent from the end user.
  1. Paid Traffic Sources. You may not purchase any keywords or search terms that (a) incorporate in part or in full any of eBay's trademarks (including without limitation eBay and Half), trade names, company names, brands, shop signs, domain names or URLs (including the translations and transliterations), or any variations thereof.
  2. Misdirection, Redirection and Framing.
  1. You may not make any express or implied representations, or otherwise create an appearance that a visitor to your website and/or Promotional Content is visiting Participating Sites and Content, for example, by framing or wrapping a site in any manner. You may not design your Promotional Methods in a way that, in EPN's sole discretion, creates a likelihood of confusion with the website or emails belonging to the Advertiser.
  2. The URLs to which the Links direct end users must appear in the address line of the browser.
  3. The back button of the browser must be activated.
  4. You may not attempt to intercept or redirect traffic from or on, or divert compensation from, Participating Sites and Content or any other Affiliate.
  1. Promotional Content placed on an Advertiser website itself (for example, in your listings, your “About Me” page, and your store or eBay message boards), except to the extent such Promotional Content is an EPN approved browser extension that EPN approved as a Software Application under Section II [Restricted Promotional Methods], above.
  2. Promotional Content that promotes listings or behavior that violate the Advertiser's policies
  3. Redirecting end users from Advertiser sites and services to an Affiliate’s website where the end user could click a Link back to the Advertiser site or service

 

 

Exhibit B: eBay Data Protection Requirements Addendum

Click to open

 

eBay Controller to Controller Data Protection Requirements Addendum

This Controller to Controller Data Protection Requirements Addendum and any applicable Schedules, Appendices,  Exhibits, or Annexes (this “DPRA” or “Addendum”) form part of the eBay Partner Network Agreement (the “Agreement”) and are concluded between the eBay Partner Network, Inc. (“EPN”) and  the applicable Advertiser(s) acting as Data Exporters, as specified in Annex III to the Standard Contractual Clauses (attached hereto as Schedule I) (“Advertiser(s)”, together with EPN referred to as "eBay" in this DPRA) as well as the party participating in EPN’s Network under the Agreement (“you” or “Affiliate”) (each a “Party” and collectively the “Parties”). All capitalized terms used, but not defined, in this DPRA have the meaning given to them in the Agreement. Lower case terms have the meaning given to them in European Data Protection Law.

  1. DEFINITIONS:
    1. “European Data Protection Law” means: (i) the General Data Protection Regulation of the European Union (Regulation 2016/679 of 27 April 2016) ("GDPR"); (ii) any applicable national/federal or state/provincial legislation implementing the GDPR in a member state of the European Economic Area; (iii) the GDPR as incorporated into United Kingdom law pursuant to s.3 of the European Union (Withdrawal) Act 2018 ("UK GDPR"); and (iv) the Swiss Federal Data Protection Act of 25 September 2020 ("FDPA"); in each case as such legislation may be amended, modified, consolidated, re-enacted or replaced from time to time.
    2. "Personal Information” means: any information relating to an identified or identifiable natural person obtained by eBay or you (or any authorized third party or service provider used by you) through your participation in the Network and your use of Promotional Tools, including information that you collect directly from your users in connection with any Program you participate in, information that is included in tracking and reporting tools, or information that you otherwise receive from eBay, in each case to the extent that it relates to an identified or identifiable natural person.
    3. “Restricted Transfer” means: (i) where the GDPR applies, a transfer of personal data from the European Economic Area to a country outside of the European Economic Area which is not subject to an adequacy decision by the European Commission; (ii) where the UK GDPR applies, a transfer of personal data from the United Kingdom to any other country which is not based on adequacy regulations pursuant to Section 17A of the United Kingdom Data Protection Act 2018; and (iii) where the FDPA applies, a transfer of personal data from Switzerland to another country which is not subject to an adequacy decision by the Swiss Federal Council.
    4. “Standard Contractual Clauses” means: Schedule 1, attached hereto and forming part of this DPRA pursuant to the European Commission's Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
  2. SCOPE, PURPOSES OF PROCESSING AND PURPOSE LIMITATIONS: 
    1. This DPRA applies to all Personal Information.  All Personal Information will be used/processed for participation in a Program and solely for the purpose of promoting Advertiser(s), as specified in the applicable Program Details.  
    2. You shall process Personal Information exclusively for the purpose(s) described under Section 2.1 above. Any further processing of the Personal Information is not permitted.The transfer of Personal Information by you to third parties for the own purposes of such third parties is not permitted.
    3. You shall erase the Personal Information received under this Addendum immediately after the respective purpose(s) described under Section 2.1 have been fulfilled. Any further processing of the Personal Information is not permitted except when legally required (i) where the GDPR applies, under EU or Member State law; (ii) where the UK GDPR applies, under UK law; and (iii) where the FDPA applies, under Swiss law; (e.g., if a retention obligation applies). 
  3. RELATIONSHIP AND DUTIES OF THE PARTIES: 
    1. Each Party shall process Personal Information received under this Addendum as a separate and independent controller. In no event will the Parties process Personal Information under this Addendum as joint controllers or in a Controller-to-Processor relationship. As such separate and independent controllers, each Party shall be individually and separately responsible and liable for complying with the obligations that apply to it as a controller under applicable data protection law. 
    2. Each Party will comply with its obligations under applicable data protection law (including but not limited to European Data Protection Law and supplementing EU and local data protection law, as applicable).
    3. Each Party shall in particular use Security Measures (defined below) (i) to ensure the protection of the rights and freedoms of any data subject under Art. 32 GDPR (or where applicable: Art. 32 UK GDPR and Art. 8 FDPA respectively), (ii) to ensure the security of Personal Information from any unauthorized access, (iii) to protect the availability, confidentiality, and integrity of any Personal Information collected, accessed, used, or transmitted by a Party in connection with this Agreement (including but not limited to appropriate data protection and disaster recovery) and (iv) to protect and secure any hosts, networks, applications, and physical premises used while performing under the Agreement. “Security Measures” mean commercially reasonable security-related policies, standards, and practices commensurate with the size and complexity of each Party’s business, the level of sensitivity of the data collected, handled and stored, and the nature of business activities, provided that all such policies, standards, and practices shall, at a minimum, comply with any Applicable Laws and Regulations and shall consider information security management systems, physical security, physical access control, access control to systems, access control to data, disclosure control, input control, security and privacy enhancing technologies, awareness, training and security checks in relation to the personnel of each Party (job control), availability control, segregation control, incident response management/business continuity and audit controls/due diligence.
  4. Application of Standard Contractual Clauses:  To the extent any Party accesses any Personal Information collected by another Party under the Agreement, and the access is a Restricted Transfer, then such Restricted Transfer will be subject to the Standard Contractual Clauses, attached hereto as Schedule 1. No Party shall transfer Personal Information unless such transfer is subject to a lawful transfer mechanism. Each Party shall ensure that it only transfers Personal Information to third parties in line with Section 2 subject to a lawful transfer mechanism under European Data Protection Law.  
  5. Effect on Existing Agreements and Conflicts: Except as specifically modified by the terms of this Addendum, the terms, rights and responsibilities under the Agreement shall remain in full force and effect at all times. If and to the extent language in this Addendum or any of its exhibits or annexes conflicts with the Agreement, this Addendum or any of its exhibits or annexes shall control. If and to the extent language in this Addendum conflicts with any of its exhibits or annexes, the exhibits or annexes shall control.
  6. Continued Compliance.  If requested by eBay in order to comply with applicable laws, you shall enter into any additional terms necessary to enable eBay   to comply with applicable laws.

 

SCHEDULE 1: STANDARD CONTRACTUAL CLAUSES

(CONTROLLER-CONTROLLER)

SECTION I

Clause 1

Purpose and scope

  1. The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country.
  2. The Parties:
    1. the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter ‘entity/ies’) transferring the personal data, as listed in Annex I.A (hereinafter each ‘data exporter’), and
    2. the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A (hereinafter each ‘data importer’)

have agreed to these standard contractual clauses (hereinafter: ‘Clauses’).

  1. These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.
  2. The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.

Clause 2

Effect and invariability of the Clauses

  1. These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
  1. These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.

Clause 3

Third-party beneficiaries

  1. Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:
  1. Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
  2. Clause 8.5 (e) and Clause 8.9(b);
  3. Clause 12(a) and (d);
  4. Clause 13;
  5. Clause 15.1(c), (d) and (e);
  6. Clause 16(e);
  7. Clause 18(a) and (b).
  1. Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.

Clause 4

Interpretation

  1. Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
  1. These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
  2. These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.

Clause 5

Hierarchy

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

Clause 6

Description of the transfer(s)

The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.

Clause 7

Docking clause

  1. An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.
  1. Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.
  2. The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

SECTION II – OBLIGATIONS OF THE PARTIES

Clause 8

Data protection safeguards

The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.

8.1   Purpose limitation

The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I.B. It may only process the personal data for another purpose:

  1. where it has obtained the data subject’s prior consent;
  2. where necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or
  3. where necessary in order to protect the vital interests of the data subject or of another natural person.

8.2   Transparency

  1. In order to enable data subjects to effectively exercise their rights pursuant to Clause 10, the data importer shall inform them, either directly or through the data exporter:
  1. of its identity and contact details;
  2. of the categories of personal data processed;
  3. of the right to obtain a copy of these Clauses;
  4. where it intends to onward transfer the personal data to any third party/ies, of the recipient or categories of recipients (as appropriate with a view to providing meaningful information), the purpose of such onward transfer and the ground therefore pursuant to Clause 8.7.
  1. Paragraph (a) shall not apply where the data subject already has the information, including when such information has already been provided by the data exporter, or providing the information proves impossible or would involve a disproportionate effort for the data importer. In the latter case, the data importer shall, to the extent possible, make the information publicly available.
  2. On request, the Parties shall make a copy of these Clauses, including the Appendix as completed by them, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including personal data, the Parties may redact part of the text of the Appendix prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information.
  3. Paragraphs (a) to (c) are without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.

8.3   Accuracy and data minimisation

  1. Each Party shall ensure that the personal data is accurate and, where necessary, kept up to date. The data importer shall take every reasonable step to ensure that personal data that is inaccurate, having regard to the purpose(s) of processing, is erased or rectified without delay.
  1. If one of the Parties becomes aware that the personal data it has transferred or received is inaccurate, or has become outdated, it shall inform the other Party without undue delay.
  2. The data importer shall ensure that the personal data is adequate, relevant and limited to what is necessary in relation to the purpose(s) of processing.

8.4   Storage limitation

The data importer shall retain the personal data for no longer than necessary for the purpose(s) for which it is processed. It shall put in place appropriate technical or organisational measures to ensure compliance with this obligation, including erasure or anonymisation of the data and all back-ups at the end of the retention period.

8.5   Security of processing

  1. The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the personal data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter ‘personal data breach’). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subject. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.
  1. The Parties have agreed on the technical and organisational measures set out in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.
  2. The data importer shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  3. In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the personal data breach, including measures to mitigate its possible adverse effects.
  4. In case of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, the data importer shall without undue delay notify both the data exporter and the competent supervisory authority pursuant to Clause 13. Such notification shall contain i) a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), ii) its likely consequences, iii) the measures taken or proposed to address the breach, and iv) the details of a contact point from whom more information can be obtained. To the extent it is not possible for the data importer to provide all the information at the same time, it may do so in phases without undue further delay.
  5. In case of a personal data breach that is likely to result in a high risk to the rights and freedoms of natural persons, the data importer shall also notify without undue delay the data subjects concerned of the personal data breach and its nature, if necessary in cooperation with the data exporter, together with the information referred to in paragraph (e), points ii) to iv), unless the data importer has implemented measures to significantly reduce the risk to the rights or freedoms of natural persons, or notification would involve disproportionate efforts. In the latter case, the data importer shall instead issue a public communication or take a similar measure to inform the public of the personal data breach.
  6. The data importer shall document all relevant facts relating to the personal data breach, including its effects and any remedial action taken, and keep a record thereof.

8.6   Sensitive data

Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions or offences (hereinafter ‘sensitive data’), the data importer shall apply specific restrictions and/or additional safeguards adapted to the specific nature of the data and the risks involved. This may include restricting the personnel permitted to access the personal data, additional security measures (such as pseudonymisation) and/or additional restrictions with respect to further disclosure.

 

8.7   Onward transfers

The data importer shall not disclose the personal data to a third party located outside the European Union (in the same country as the data importer or in another third country, hereinafter ‘onward transfer’) unless the third party is or agrees to be bound by these Clauses, under the appropriate Module. Otherwise, an onward transfer by the data importer may only take place if:

  1. it is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;
  2. the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 of Regulation (EU) 2016/679 with respect to the processing in question;
  3. the third party enters into a binding instrument with the data importer ensuring the same level of data protection as under these Clauses, and the data importer provides a copy of these safeguards to the data exporter;
  4. it is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings;
  5. it is necessary in order to protect the vital interests of the data subject or of another natural person; or
  6. where none of the other conditions apply, the data importer has obtained the explicit consent of the data subject for an onward transfer in a specific situation, after having informed him/her of its purpose(s), the identity of the recipient and the possible risks of such transfer to him/her due to the lack of appropriate data protection safeguards. In this case, the data importer shall inform the data exporter and, at the request of the latter, shall transmit to it a copy of the information provided to the data subject.

Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.

8.8   Processing under the authority of the data importer

The data importer shall ensure that any person acting under its authority, including a processor, processes the data only on its instructions.

 

8.9   Documentation and compliance

  1. Each Party shall be able to demonstrate compliance with its obligations under these Clauses. In particular, the data importer shall keep appropriate documentation of the processing activities carried out under its responsibility.
  1. The data importer shall make such documentation available to the competent supervisory authority on request.

Clause 9

Intentionally left blank.

Clause 10

Data subject rights

  1. The data importer, where relevant with the assistance of the data exporter, shall deal with any enquiries and requests it receives from a data subject relating to the processing of his/her personal data and the exercise of his/her rights under these Clauses without undue delay and at the latest within one month of the receipt of the enquiry or request. The data importer shall take appropriate measures to facilitate such enquiries, requests and the exercise of data subject rights. Any information provided to the data subject shall be in an intelligible and easily accessible form, using clear and plain language.
  1. In particular, upon request by the data subject the data importer shall, free of charge:
    1. provide confirmation to the data subject as to whether personal data concerning him/her is being processed and, where this is the case, a copy of the data relating to him/her and the information in Annex I; if personal data has been or will be onward transferred, provide information on recipients or categories of recipients (as appropriate with a view to providing meaningful information) to which the personal data has been or will be onward transferred, the purpose of such onward transfers and their ground pursuant to Clause 8.7; and provide information on the right to lodge a complaint with a supervisory authority in accordance with Clause 12(c)(i);
    2. rectify inaccurate or incomplete data concerning the data subject;
    3. erase personal data concerning the data subject if such data is being or has been processed in violation of any of these Clauses ensuring third-party beneficiary rights, or if the data subject withdraws the consent on which the processing is based.
  2. Where the data importer processes the personal data for direct marketing purposes, it shall cease processing for such purposes if the data subject objects to it.
  3. The data importer shall not make a decision based solely on the automated processing of the personal data transferred (hereinafter ‘automated decision’), which would produce legal effects concerning the data subject or similarly significantly affect him/her, unless with the explicit consent of the data subject or if authorised to do so under the laws of the country of destination, provided that such laws lays down suitable measures to safeguard the data subject’s rights and legitimate interests. In this case, the data importer shall, where necessary in cooperation with the data exporter:
    1. inform the data subject about the envisaged automated decision, the envisaged consequences and the logic involved; and
    2. implement suitable safeguards, at least by enabling the data subject to contest the decision, express his/her point of view and obtain review by a human being.
  4. Where requests from a data subject are excessive, in particular because of their repetitive character, the data importer may either charge a reasonable fee taking into account the administrative costs of granting the request or refuse to act on the request.
  5. The data importer may refuse a data subject’s request if such refusal is allowed under the laws of the country of destination and is necessary and proportionate in a democratic society to protect one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679.
  6. If the data importer intends to refuse a data subject’s request, it shall inform the data subject of the reasons for the refusal and the possibility of lodging a complaint with the competent supervisory authority and/or seeking judicial redress.

Clause 11

Redress

  1. The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.
  2. In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.
  3. Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to:
  1. lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13;
  2. refer the dispute to the competent courts within the meaning of Clause 18.
  1. The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.
  2. The data importer shall abide by a decision that is binding under the applicable EU or Member State law.
  3. The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws.

Clause 12

Liability

  1. Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
  2. Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.
  3. Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.
  4. The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage.
  5. The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.

Clause 13

Supervision

  1. Where the data exporter is established in an EU Member State: The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, shall act as competent supervisory authority.
  1. Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679: The supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established, as indicated in Annex I.C, shall act as competent supervisory authority.
  1. Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) without however having to appoint a representative pursuant to Article 27(2) of Regulation (EU) 2016/679: The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located, as indicated in Annex I.C, shall act as competent supervisory authority.
  1. The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.

SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES

Clause 14

Local laws and practices affecting compliance with the Clauses

  1. The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.
  1. The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:
      1. the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;
      2. the laws and practices of the third country of destination– including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards;
      3. any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.
    1. The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.
    2. The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.
    3. The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).
    4. Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.

    Clause 15

    Obligations of the data importer in case of access by public authorities

    15.1   Notification

    1. The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:
    1. receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or
    2. becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.
    1. If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.
    2. Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.). 
    3. The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.
    4. Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.

    15.2   Review of legality and data minimisation

    1. The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).
    1. The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request. 
    2. The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.

    SECTION IV – FINAL PROVISIONS

    Clause 16

    Non-compliance with the Clauses and termination

    1. The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.
    1. In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).
    2. The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:
      1. the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;
      2. the data importer is in substantial or persistent breach of these Clauses; or
      3. the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.

    In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.

    1. Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
    2. Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.

    Clause 17

    Governing law

    These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of Germany.

     

    Clause 18

    Choice of forum and jurisdiction

    1. Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.
    1. The Parties agree that those shall be the courts of Germany.
    2. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.
    3. The Parties agree to submit themselves to the jurisdiction of such courts.


     

     

    APPENDIX

    1. ANNEX I

    A.   LIST OF PARTIES

    Data exporter(s): Advertiser(s) or you when you transfer data directly to EPN. The Advertiser(s) which could be acting as the data exporter(s) and controller(s) under the Agreement is/are the entities as identified in ANNEX III that transfer(s) personal data to the data importer.

     

    Address: Advertiser(s) as Exporter(s): see Annex III 

     

    You as Exporter: As specified in your EPN account.

     

     

    Contact Person’s Name, position and contact details:

    Advertiser(s) as Exporter(s): see Annex III

    You as Exporter: Contact person indicated in your EPN account.

    Signature and date: The Parties agree that execution of the Agreement by EPN and the Affiliate shall constitute execution of the Clauses by the Parties on the effective date of the Agreement.

    Role (controller/processor): Controller

    Data importer(s): You as a controller under the Agreement or EPN.

     

    Address: You as Importer: As specified in your EPN account.

     

    EPN as Importer: see Annex III

     

     

    Contact Person’s Name, position and contact details:

    You as Importer: Contact person indicated in your EPN account.

    EPN as Importer: see Annex III

    Signature and date: The Parties agree that execution of the Agreement by EPN and the Affiliate shall constitute execution of the Clauses by the Parties on the effective date of the Agreement.

    Role (controller/processor): Controller

    Data transfers from the UK:

     

    To the extent the data exporter(s) is/are subject to the UK GDPR and the data importer is not located in a country recognized by the UK as providing an adequate level of data protection, which currently includes countries within the EU, the EEA, Gibraltar, Andorra, Argentina, Faeroe Island, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland, Uruguay, Japan and Canada, the Parties incorporate and agree on the UK Addendum to the EU Commission Standard Contractual Clauses issued by the Information Commissioner’s Office under S119A(1) Data Protection Act 2018, VERSION B1.0, in force as of 21 March 2022 (or in the currently valid version in accordance with Section 18 UK Addendum). To the extent required, the Tables 1 to 3 of the UK Addendum shall be completed with the corresponding information in the Appendix of the Standard Contractual Clauses. In addition, the Parties agree that no separate signature is required for the purposes of Section 2 UK Addendum (Table 1) and that neither Party may end the UK Addendum as set out in Section 19 UK Addendum (Table 4).

     

    Data transfers from Switzerland:

     

    To the extent the data exporter(s) is/are subject to the Swiss Federal Data Protection Act (FDPA) and the data importer is not located in a country recognized by the Swiss Federal Data Protection and Information Commissioner (FDPIC) as providing an adequate level of data protection, which currently includes countries within the EU, the EEA, Gibraltar, Andorra, Argentina, Faeroe Island, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Uruguay and Canada, the parties agree to amend the Standard Contractual Clauses as follows, provided that none of these amendments will have the effect or be construed to amend the Standard Contractual Clauses in relation to the processing of personal data under the GDPR. In relation to personal data that is processed in and exported from Switzerland by the data exporter(s), references to a “member state” or to the “EU” in the Standard Contractual Clauses will be deemed to include Switzerland, in particular enabling data subjects in Switzerland to sue for their rights in their place of habitual residence in 

    accordance with Clause 18 c.; references to Regulation (EU) 2016/679 will be deemed to be references to equivalent provisions of the FDPA; and the FDPIC will be the sole or, where both the FDPA and the GDPR apply to such transfer, one of the competent data protection authorities, under the Standard Contractual Clauses, the other one being defined in Section C. below.

     

    For the avoidance of doubt: A Restricted Transfer may be subject to more than one transfer mechanism under European Data Protection Law (e.g., both the GDPR and the UK GDPR may apply). Accordingly, the Standard Contractual Clauses shall apply to such transfers both in their original and in their amended version as applicable.    

     

    B.   DESCRIPTION OF TRANSFER

    Categories of data subjects whose personal data is transferred

    eBay users’ and/or your users’ Personal Information transferred to the data importer in connection with your participation in the Program (as those terms are defined in the Agreement), at the direction of, or on behalf of the data exporter. 

    Categories of personal data transferred

    Information related to end users (i.e. eBay users and/or your users) provided to the data importer through participation in the Network by (or at the direction of) the data exporter or as otherwise described in the Agreement.

    Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

    N/A

    The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).

    Personal Information may be transferred on a continuous basis in accordance with the terms of the Agreement.

    Nature of the processing

    The data importer will process Personal Information in connection with the participation in the Network in accordance with this DPRA or the Agreement.

    Purpose(s) of the data transfer and further processing

    The data importer will process Personal Information in order to participate in the Network, which includes promoting Advertiser(s), as specified in the applicable Program Details.

    The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

    The data importer will delete the Personal Information on the earlier of: (i) when required by the data importer’s data privacy and data retention policies; (ii) when requested by eBay or by the applicable end user; (iii) when it is no longer necessary for data importer’s purposes; (iv) when the data importer’s participation in the Program is terminated.

    For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing

    N/A

    C.   COMPETENT SUPERVISORY AUTHORITY

    Identify the competent supervisory authority/ies in accordance with Clause 13

    Depending on the specific service(s) affected by the Clauses as well as the data exporter(s) involved the competent authority is the following:

    Advertiser(s) as Exporter(s): see Annex III

    You as Exporter: the supervisory authority competent for you as per European Data Protection Law  




     

    ANNEX II

    TECHNICAL AND ORGANIZATIONAL MEASURES INCLUDING TECHNICAL AND ORGANIZATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

     

    The data importer shall comply with the requirements set forth in the Information Security Requirements Exhibit that forms part of the Agreement.  Further, the Parties agree on the Supplementary Measures as listed in ANNEX IV.  

     

    ANNEX III

    DATA EXPORTER 

    The following entities may act as data exporters under these Clauses, as applicable:

     

    Name

    Address

    Data Protection Officer Contacts

    Supervisory Authority (DPA)

    1.  

    eBay GmbH

    Albert-Einstein-Ring 2-6, 14532 Kleinmachnow, Germany

    DPO Contact Form

    Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg

    (DPA of the German state of Brandenburg)

    1.  

    eBay (UK) Limited

    1 More London Place, London, SE1 2AF, United Kingdom

    Company number; 03726028

    DPO Contact Form

    Information Commissioner’s Office (UK DPA)

    1.  

    eBay Marketplaces GmbH

    Helvetiastrasse 15/17, 3005 Bern, Switzerland

    DPO Contact Form

    Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (Swiss DPA)

    Role of the data exporter/s: Controller

    Activities relevant to the data transferred under these Clauses: See Annex I, Section B.

     

    DATA IMPORTER

    The following entity may act as a data importer under these Clauses besides you, as applicable:

    Name

    Address

    Data Protection Officer Contact

    eBay Partner Network Inc.

    2145 Hamilton Avenue, San Jose, CA 95125, United States of America

    DPO Contact Form

    Role of the data importer: Controller

    Activities relevant to the data transferred under these Clauses: See Annex I, Section B.



     

    ANNEX IV

    ADDITIONAL SAFEGUARDS TO THE STANDARD CONTRACTUAL CLAUSES (“SUPPLEMENTARY MEASURES”)

     
    1. Nothing in these Supplementary Measures shall limit or exclude any rights of data subjects granted in the Clauses or applicable data protection laws, in particular the General Data Protection Regulation (GDPR) or any obligations of either Party arising from or in connection with the Clauses.

    1. General requirements

    The Parties undertake to adapt or replace these Supplementary Measures as soon as the European Commission makes available any mechanism that provides adequate safeguards for the transfer of personal data to the data importer. The same applies to adjustments following recommendations of the European Commission and/or the competent data protection authorities.

    2. Processing restrictions

    Data importer will not disclose personal data except (1) as data exporter directs or (2) where the transfer is in accordance with the provisions of the Clauses and these Supplementary Measures.

    3. Data access for public authorities

    Notwithstanding Clause 15 of the Clauses, data importer warrants the following:

    3.1 Data importer agrees to adopt 

    (a) adequate internal policies with clear allocation of responsibilities for data transfers, reporting channels and standard operating procedures for cases of covert or official requests from public authorities to access the data;

    (b) strict and granular data access and confidentiality policies and best practices, based on a strict need-to-know principle.

    Data importer will regularly review these internal policies to assess their suitability and identify and implement additional or alternative solutions when necessary.

    3.2 If data importer is contacted with a legally binding request from a public authority, including judicial authorities, or becomes aware of any direct access by a public authority to the personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination, data importer will attempt to redirect the public authority to request that personal data directly from data exporter instead.

    3.3 Data importer will only provide personal data if, and to the extent that, it is necessary and proportionate to comply with a legally binding request. Data importer will not provide any public authority: 

    (a) blanket, or unfettered access to personal data; 

    (b) encryption keys used to secure personal data or the ability to break such encryption; or 

    (c) access to personal data if data importer is aware that the personal data is to be used for purposes other than those stated in the legally binding request.

    3.4 In support of the above, data importer may provide data exporter’s basic contact information to the public authority. The data importer will notify data exporter in this case, unless data importer is legally restricted to do so.

    3.5 The data importer agrees to document the steps taken pursuant to Sections 3.1-3.4 for the duration of the contract and make it available to the competent supervisory authority upon request.

    4. Encryption

    The data importer warrants that (1) it has not purposefully created back doors or similar programming that could be used to access the system and/or personal data, (2) it has not purposefully created or changed its business processes in a manner that facilitates access to personal data or systems, and (3) that national law or government policy does not require the importer to create or maintain back doors or to facilitate access to personal data or systems or for the importer to be in possession or to hand over the encryption key.

     

    Information Security Requirements

    By participating in the Network, you (as defined in the eBay Partner Network Agreement, to which this is attached) agree to comply with the terms and conditions of THIS EBAY INFORMATION SECURITY REQUIREMENTS EXHIBIT (this “ISR”).

    This ISR prescribes the minimum cyber and information security standards that you, your agents and assigns must meet and maintain in order to protect eBay Data from Incident or Compromise (defined below) during the term of the EPN Network Agreement (“Terms”) and for any period thereafter during which you, your agents or assigns has possession of or access to any eBay Data. 


     

    1. Definitions.
    1. “Compromise” means without restriction: destruction, loss, misuse, theft or unauthorized access, acquisition, alteration, collection, disclosure, exposure, manipulation, retention, storage, or transfer; 
    1. eBay Data” means any non-public data or information (regardless of form, e.g., electronic, paper copy, etc.) that is supplied by or made available by eBay;
    1. Incident” means any impairment to the security of eBay Data, including, but not limited to any alleged or confirmed misuse of eBay Data, or unauthorized access to or attempt to access eBay Data;
    1. “Industry Standard Encryption Algorithms and Key Strengths” means encryption should at least meet the following standard encryption algorithms (note: The algorithm and key strengths may change depending upon the new and most up-to-date industry standard encryption practice):

    i. Symmetric encryption:  AES (≥ 128-bit); 

    ii. Asymmetric encryption:  RSA (≥ 2048-bit), ECC (≥ 224-bit); 

    iii. Hashing:  SHA-2 (≥ 224-bit) with “salt” shall be added to the input string prior to encoding to ensure that the same password text chosen by different users will yield different encodings;

    iv. Transport Layer Security (TLS): where transmissions are encrypted using the TLS protocol, TLS v1.2 signed using SHA2 shall be the minimum;


     

    1. Processing”, “Processes” or “Process” means any operation or set of operations which is performed upon eBay Data, whether by automatic means or not, including but not limited to collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;
    1. Reasonable Security Measures” means commercially reasonable security-related policies, standards, and practices commensurate with the size and complexity of your business, the level of sensitivity of the data collected, handled and stored, and the nature of your business activities, provided that all such policies, standards, and practices shall, at a minimum, comply with any Applicable Laws and shall give due consideration to information security management systems, physical security, physical access control, access control to systems, access control to data, disclosure control, input control, security awareness, security training, security checks in relation to your Personnel (job control), availability control, segregation control, incident response management/business continuity and audit controls/due diligence;
    1. "Security Breach” means a Compromise of the security, confidentiality, integrity, availability or authenticity of eBay Data or of any Third-Party Information System in which eBay Data is Processed, or any act or omission that materially violates this ISR;
    1. Services” means any and all services that  performs or enables under the Terms;
    1. Third Party Information System” means any electronic network, electronic communication network, device, or group of (connected) devices used to Process, store, or transmit electronic information pursuant to the Services, including, but not limited to any device (mobile, table, or PDA) or media (thumb drive, CD, or similar) not directly owned, managed, or licensed by eBay, such as a personal mobile device or ’s computer servers;
    1. Personnel” means all agents, employees, independent contractors, and subcontractors working on behalf of , who are engaged in the Processing of eBay Data;


     

    1. Reasonable Security Measures.  

    You represent, warrant, and agree to use Reasonable Security Measures and Industry Standard Encryption Algorithms and Key Strengths to protect the confidentiality, integrity, and availability of any eBay Data Processed by you in connection with the Terms and to protect and secure any and all hosts, networks, applications, and physical premises used in any way to perform your responsibilities under the Terms.. You further represent, warrant and agree to implement additional security measures outlined below and to detect malware on any ads served by you or your partners to a person and to take appropriate actions to remove identified malware in a timely manner.


     

    1. Logical Security.


     

    1. Access Controls. You certify that you employ access control mechanisms that:
    1. prevent unauthorized access to eBay Data; 
    2. limit access to your Personnel with a business need to know; 
    3. follow the principle of least privilege allowing access to only the information and resources that are necessary under the Terms; and  


     

    1. Regular Review of Access Controls. You will maintain a process to review access controls on a minimum annual basis for all of your systems that contain eBay Data, including any system that, via any form of communication interface, can connect to the system on which eBay Data is stored. You will maintain the same processes of review and validation for any Third Party Information System you use to Process eBay Data.  

     

    1. Malicious Code Protection. All workstations and servers will run the current version of industry standard anti-virus software with the most recent updates available on each workstation or server. Virus definitions must be updated within twenty-four (24) hours of release by the anti-virus software vendor.


     

    1.  Security Management.
    1. Vulnerability Management. You must run internal and external network vulnerability scans at least annually and after any material change in the network configuration (e.g., new system component installations, changes in network topology, firewall rule modifications, or product upgrades). Vulnerabilities identified and rated as high risk by you will be remediated within ninety (90) days of discovery.

     

    1. Application Security Assessments. For all Internet-facing applications that collect, transmit or display eBay Data, you agree to conduct an application security assessment review to identify common security vulnerabilities as identified by industry-recognized organizations (e.g., OWASP Top 10 Vulnerabilities; CWE/SANS Top 25 vulnerabilities) annually or for all major releases, whichever occurs first. At a minimum, it will cover the OWASP Top 10 vulnerabilities (https://www.owasp.org).

     

    1. Patch Management. You will patch all workstations and servers with all current operating system, database and application patches deployed in your computing environment according to a schedule predicated on the criticality of the patch. You must perform appropriate steps to help ensure patches do not compromise the security of the information resources being patched. All emergency or critical rated patches must be applied as soon as possible but at no time will exceed thirty (30) days from the date of release. 

     

    1. Encryption of Electronic Form Data in Transit and in Storage. You shall utilize Industry Standard Encryption Algorithms and Key Strengths to:
      1. Encrypt all eBay Data that is in electronic form while in transit over all your owned or managed networks;
      2. Encrypt all eBay Personal Data (as defined in the Terms) that is in electronic form while in storage or at rest (i.e., information stored in databases, in file systems, and on various forms of online and offline media); and
      3. Hash all passwords that are in electronic form. Passwords may only be stored in hashed form.


     

    1. Security Audits.

    You shall, upon reasonable notice, allow your data processing procedures and documentation to be inspected by eBay (or its designee) in order to ascertain compliance with this ISR or any Terms between eBay and you. You shall fully cooperate with audit requests by providing access to relevant knowledgeable Personnel and documentation.

     

    1. Security Incident Response.

    You will maintain an industry standard incident response function capable of identifying, mitigating the effects of, and preventing the recurrence of Incidents. 

     

    Upon discovering or otherwise becoming aware of an Incident that results in a Compromise of eBay Data (“Security Breach”), you shall take commercially reasonable measures to mitigate the harmful effects of the Security Breach. You shall notify eBay of the Security Breach as soon as practicable, but in no event later than 24 hours after the Security Breach and in any case before notifying any third party or authority. Notice to eBay shall be written to CSIRT@EBAY.COM. 

     

    1. Data Retention and Deletion.

    To the extent permitted by law, you will only retain eBay Data for as long as Services are provided to eBay in accordance with the Terms; provided, however, that you agree to delete eBay Data received in EPN feeds within twenty (20) days from the date EPN makes such eBay Data available. You agree to dispose of eBay Data using a method that prevents any recovery of the data when it is no longer required by the Terms, upon termination of the Terms, or at any time upon written request from eBay, whichever occurs earlier. You agree to provide eBay with a written confirmation regarding the deletion of eBay Data upon request.

     

    1. Data Ownership.

    You acknowledge and agree that you have no ownership of, or right to use, sell, rent, lease, copy, access, combine, reproduce, display, perform, modify, transfer, or disclose eBay Data, or any derivative works thereof, except as expressly provided in the Terms.

     

    1. Survival. 

    Your obligations and eBay's rights under this ISR shall become effective on the Effective Date of the Terms and will continue in effect so long as you possess or Process eBay Data.

     

    1. Conflict. 

    If and to the extent language in this ISR conflicts with the Terms, this ISR shall con

     

 

 

Exhibit C: Clickless Attribution

 

EPN may, in its sole discretion and by invitation, offer You participation in a Program that involves payment based upon a Clickless Qualifying Event (the “Clickless Program”) rather than the standard affiliate marketing model. In order to participate, you may be required to complete Special Business Model applications, conform to specific integration methods, and receive EPN written approval, as described below.

 

For partners engaged in a Clickless Program only - in addition to the standard Network Agreement terms with which You are required to comply, the following terms and definitions shall apply. In the event of a conflict between this Exhibit C and the terms contained in the rest of the Network Agreement, this Exhibit C shall control.

 

    Definitions:

 

"A Clickless Qualifying Event" occurs when an end-user engages with an offer under a Clickless Program and makes a purchase within the offer timeframe as described in the applicable statement of work or insertion order. 

 

“Clickless Partner"refers specifically to an affiliate network member who has been approved to participate in a Clickless Program. If You are engaged in both a Clickless Program and non-Clickless Program, these terms only apply to Your participation in the Clickless Program and not to Your other network activities.

 

“Clickless Program" is Your specific engagement with eBay for clickless attribution under an applicable statement of work (“SOW”) or insertion order (“IO”).

 

    Your Participation

 

To participate in a Clickless Program and be compensated, a Clickless Partner:

 

(1) must be a registered EPN partner, 

 

(2) must send data files and complete transaction data per the schema as described in the EPN - Clickless Partner Data Integration Guidelines for the designated campaign timeframe to eBay via an agreed upon secure delivery method and frequency, 

 

(3) must comply with the program details outlined in the tailored SOW or IO,

 

Failure to comply with the preceding requirements may result in your termination and/or no payment for your Clickless activity from the Clickless Program, at EPN’s sole discretion.

 

    Payment Structure and Qualifying Transactions

 

Clickless Qualifying Events are subject to EPN-specific validation and attribution rules as they are not associated with a traditional affiliate tracking link, and are within EPN's sole discretion to determine which qualify for partner commission. You and EPN will work together in good faith to establish the specific payment criteria for your Clickless Program. You shall be paid in accordance with the EPN Rate Card as described in the Agreement.

 

Clickless Qualifying Events are limited to campaign specifications as agreed in the applicable SOW, IO, or upon other written approval. Unless otherwise agreed in writing between the parties, in the event a Clickless Qualifying Event is active beyond offer timeframe, neither EPN nor eBay shall be liable or responsible to compensate Partner for additional fees outside the campaign timeline.

 

The scope of the Clickless Program may differ from normal Affiliate Program activities, and certain items and categories may not be included in the Clickless Program. 

 

You may only be paid once for each Qualifying Event or Clickless Qualifying Event. Payments under a Clickless Program may change subject to Section V. Compensation.

 

    Data Sharing

 

Unless otherwise agreed in writing, all Partners participating in a Clickless Program shall be required to comply with all data sharing restrictions as described in the Network Agreement; including Section VI, Section VIII, the Code of Conduct, the DPA or DPRA, and all additional privacy protections.





 

Privacy Notice

Scope and Consent

 

This Privacy Notice describes how eBay Partner Network, Inc. (“ EPN ”) collects, uses, discloses, retains, and protects your personal information. It applies to any EPN site where this Privacy Notice appears in the footer, and to any EPN application, service, or tool (collectively “Services ”) where this Privacy Notice is referenced, regardless of how you access or use them, including through mobile devices.

 

You are contracting with eBay Partner Network, Inc. The company you are contracting with is your data controller, and is responsible for the collection, use, disclosure, retention and protection of your personal information in accordance with our global privacy standards as well as any applicable national laws. Your data controller may transfer data to other members of the eBay Inc. corporate family as described in this Privacy Notice. We may process and retain your personal information on our servers in the U.S. and elsewhere in the world where our data centers are located.

 

We may change this notice from time to time, and we will post the amended terms at https://partnernetwork.ebay.com/legal and notify you by email of major changes. Amended terms will take effect immediately for new users, and 5 days after they are posted for existing users.

 

Personal Information We Collect

 

What is Personal Information?

 

Personal Information is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

We do not consider personal information to include information that has been anonymized or aggregated so that it can no longer be used to identify a specific natural person, whether in combination with other information or otherwise.

 

We collect personal information from you when you use our Services.

 

We collect personal information from you and any devices (including mobile devices) you use when you: use our Services, register for an account with us, provide us information on a web form, update or add information to your account, participate in a community board discussion chat, or when you otherwise correspond with us.

 

Some of this personal information, such as a way to identify you, is necessary to enter into our User Agreement. The provision of all other personal information is voluntary, but may be necessary in order to use our Services, such as the bidding, buying or selling information needed to conclude a transaction.

 

We may also collect personal information from other sources, as described below.

 

Personal information you give us when you use our Services or register for an account with us

    1. Identifying information such as your name, addresses, telephone numbers or email addresses when you register for an account with us.
    2. Bidding, buying, or selling information you provide during a transaction, or other transaction-based content that you generate or that is connected to your account as a result of a transaction you are involved in.
    3. Other content that you generate, or that is connected to your account (such as adding items to your basket, adding items to your Watch List, creating collections, and following other collections and sellers).
    4. Financial information (such as credit card or bank account numbers) in connection with a transaction.
    5. Postage, billing and other information used to purchase or send an item, as well as, where postal services are provided through one of our programs, information required to clear customs (such as Tax ID or other identification numbers) and relevant postage information (such as tracking numbers and tracking updates).
    6. In some instances, when you use our Services, you may provide age, gender, interests and favorites.
    7. You may also provide us other information through a web form, by updating or adding information to your account, through your participation in community discussions, member-to-member communications, chats, dispute resolution, or when you otherwise communicate with us regarding our Services.
    8. Additional information we are required or authorized by applicable national laws to collect and process in order to authenticate or identify you or to verify the information we have collected.

 

Personal information we collect automatically when you use our Services or register for an account with us

    1. We collect information about your interaction with our Services, your advertising preferences, and your communications with us. This is information we receive from devices (including mobile devices) you use when you access our Services. This information could include the following: Device ID or unique identifier, device type, ID for advertising, and unique device token.
    2. Location information, including location information from your mobile device. Keep in mind that most mobile devices allow you to control or disable the use of location services by any application on your mobile device in the device's settings menu.
    3. Computer and connection information such as statistics on your page views, traffic to and from the sites, referral URL, ad data, your IP address, your browsing history, and your web log information.

 

Personal information we collect using cookies and similar technologies

    1. We use cookies, web beacons, unique identifiers, and similar technologies to collect information about the pages you view, the links you click, and other actions you take when using our Services, within our advertising or email content.
    2. For more information about our use of these technologies, and how to control them, see Cookies and Similar Technologies .
 

Personal information collected from other sources

    1. We supplement the personal information we collect directly with information collected from third parties and add it to your account information. For example, we collect and use demographic and other information that is publically available in an applicable jurisdiction, additional contact information, credit check information, and information from credit bureaus, as allowed by applicable national laws
    2. Social Media. We allow you to share information with social media sites, or use social media sites to create your account or to connect your account with the respective social media site. Those social media sites may give us automatic access to certain personal information retained by them about you (e.g., content viewed by you, content liked by you, and information about the advertisements you have been shown or have clicked on, etc.). If you provide us with access to any site with video content, then you agree that we can share your video viewing with, or obtain information about your video viewing from, third-party social media sites for at least two years or until you withdraw authorization or connection to the social media site. You control the personal information you allow us to have access to through the privacy settings on the applicable social media site and the permissions you give us when you grant us access to the personal information retained by the respective social media site about you. By associating an account managed by a social media site with your account and authorizing us to have access to this information, you agree that we can collect, use and retain the information provided by these social media sites in accordance with this privacy notice. We may also use plug-ins or other technologies from various social media sites. If you click on a link provided via a social media plug in, you are voluntarily establishing a connection with that respective social media site.
    3. If you give us personal information about someone else, you must do so only with that person’s authorization. You should inform them how we collect, use, disclose, and retain their personal information according to our privacy notice.

 

How We use Your Personal Information

 

We use your personal information to provide and improve our Services, provide you with a personalized experience on our sites, contact you about your account and our Services, provide you customer service, provide you with personalized advertising and marketing, and to detect, prevent, mitigate and investigate fraudulent or illegal activities.

 

We use the personal information we collect from you for a range of different business purposes and according to different legal bases of processing. The following is a summary of how and according to which legal bases we use your personal information.

 

We use your personal information to fulfill a contract with you and provide you with our Services, to comply with our legal obligation, protect your vital interest, or as may be required for the public good. This includes:

    1. To provide payment processing and account management, operate, measure and improve our Services, keep our Services safe, secure and operational, and customize site content that includes items and services that you may like in response to actions that you take.
    2. To run the eBay Partner Network and its Programs, as described in the EPN Network Agreement (including, for example, providing tracking and reporting, and compensating you for your participation) and providing you with information and services you request.
    3. To contact you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed or as otherwise necessary to provide you customer service.
      • When contacting you for such purposes as outlined above, we may contact you via email, telephone, SMS/text messages, postal mail, and via mobile push notifications.
      • When contacting you via telephone, to ensure efficiency, we may use autodialed or pre-recorded calls and text messages as described in our User Agreement and as authorized by applicable law. Message and data rates may apply.
    4. To provide other services requested by you as described when we collect the information.
    5. We use general location information to provide you with location based services (such as advertising, search results, and other personalized content).
    6. To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities.
    7. To enforce our User Agreement , this privacy notice, or other policies, and to monitor restrictions on offers to buy or sell outside of eBay and member-to-member communications for violations of our policies or applicable laws.

 

We use your personal information to pursue our legitimate interests where your rights and freedoms do not outweigh these interests. We have implemented controls to balance our interests with your rights. This includes to:

    1. Improve our Services, for example by reviewing information associated with stalled or crashed pages experienced by users allowing us to identify and fix problems and give you a better experience.
    2. Personalize, measure, and improve our advertising based on your advertising customization preferences.
    3. Contact you via email or postal mail in order to offer you coupons, discounts and special promotions, poll your opinions through surveys or questionnaires and inform you about our Services, as authorized by applicable law.
    4. Contact you about public policy matters, or other current events, related to your ability to use our Services. This could include an invitation to join a petition, letter writing, call or other sort of public policy related campaigns.
    5. Deliver targeted marketing, service updates, and promotional offers based on your communication preferences.
    6. Measure the performance of our email marketing campaigns (e.g. by analyzing open and click rates).
    7. Measure sellers' performance (e.g. by using shipment tracking information that sellers and shipping providers send or provide through eBay).
    8. Monitor and improve the information security of our site and mobile applications.

 

With your consent, we may use your personal information to:

    1. Provide you with marketing via telephone calls, email, SMS or text.
    2. Provide you with marketing from other eBay Inc. corporate family members.
    3. Provide you with marketing from third parties.
    4. Customize third party advertising you might see on third party websites.
    5. Use your precise geo-location to provide location based services.
    6. Use your sensitive personal information to facilitate transactions in certain categories.

 

You have the right to withdraw your consent at any time.

 

We may use technologies considered automated decision making or profiling. We will not make automated-decisions about you that would significantly affect you, unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are required by law to use such technology.

 

Your choices about how we use your personal information

 

You have choices about how we use your personal information to communicate with you, to send you marketing information, how we provide you with customized and relevant advertising, and whether you want to stay signed into your account.

 

Communication preferences

 

You can control your email communication preferences in the Communication Preference section within your My eBay. There, you can also control your member-to-member communications preferences setting and choose which newsletters and promotions you want to receive.

 

Marketing

 

If you do not wish to receive marketing communications from us, you can unsubscribe via the link in an email you received, change your Communication Preferences within My eBay, indicate your communication preferences using the method described within the direct communication from us or contact us as described in the Contact Us section below. Keep in mind, we do not sell, rent, or otherwise disclose your personal information to third parties for their marketing purposes without your consent.

 

Advertising

 

If you do not wish to participate in our advertising personalization programs, you can opt-out by following the directions provided within the applicable advertisement, or through the programs described in our User Cookie Notice . The effect of an opt-out will be to stop personalized advertising, but it will still allow the collection of personal information as otherwise described in this privacy notice. We do not allow third parties to track or collect your personal information on our sites for their own advertising purposes, without your consent.

 

Staying Signed in

 

When you sign in to your account on our Services, we give you the option to stay signed in to your account for certain amount of time. If you are using a public or shared computer, we encourage you not to choose to stay signed in. You or any other user of the computer/browser you signed in on will be able to view and access most parts of your account and take certain specific actions during this signed in period without any further authorization. The specific actions and account activities that you or any other user of this computer/browser may take include:

    1. Bid, buy or make an offer on an item
    2. Check out or add items to your cart
    3. Purchase an item with PayPal using Faster Checkout (if enabled in your account)
    4. View the activity header
    5. View the My eBay page
    6. View or edit the Watch List or order details
    7. View the profile page
    8. Send member-to-member messages
    9. Conduct after-sale activities, like leaving Feedback, canceling orders, requesting returns or submitting claims

 

If you attempt to change your password, User ID, update any other account information or attempt other account activity beyond those listed above, you may be required to enter your password.

 

You can typically end your signed in session by either signing out and/or clearing your cookies. If you have certain browser privacy settings enabled, simply closing your browser may also end your signed in session. If you are using a public or shared computer, you should sign out and/or clear your cookies when you are done using our Services to protect your account and your personal information.

 

Ways you can access, control, and correct your personal information  

 

We respect your right to access, correct, request deletion or request restriction of our usage of your personal information as required by applicable law. We also take steps to ensure that the personal information we collect is accurate and up to date.

    1. You have the right to know what personal information we maintain about you
    2. We will provide you with a copy of your personal information in a structured, commonly used and machine readable format on request
    3. If your personal information is incorrect or incomplete, you have the right to ask us to update it
    4. You have the right to object to our processing of your personal information
    5. You can also ask us to delete or restrict how we use your personal information, but this right is determined by applicable law and may impact your access to some of our Services

 

Access, correction, and deletion of your personal information

 

You can see, review and change most of your personal information by signing in to your account. Please, update your personal information immediately if it changes or is inaccurate. Keep in mind, once you make a public posting, you may not be able to change or remove it.

 

We will honor any statutory right you might have to access, modify or erase your personal information. To request access and to find out whether any fees may apply, if permitted by applicable national laws, please contact us following the instructions in the Contact Us section below. Where you have a statutory right to request access or request the modification or erasure of your personal information, we can still withhold that access or decline to modify or erase your personal information in some cases in accordance with applicable national laws.

 

If you request that we stop processing some or all of your personal information or you withdraw (where applicable) your consent for our use or disclosure of your personal information for purposes set out in this privacy notice, we might not be able to provide you all of the Services and customer support offered to our users and authorized under this privacy notice and our User Agreement.

 

Upon your request, we will close your account and remove your personal information from view as soon as reasonably possible, based on your account activity and in accordance with applicable national laws.

 

How We Might Share Your Personal Information

 

We may disclose your personal information to other members of the eBay Inc. corporate family or to third parties. This disclosure may be required for us to provide you access to our Services, to comply with our legal obligations, to enforce our User Agreement, to facilitate our marketing and advertising activities, or to prevent, detect, mitigate, and investigate fraudulent or illegal activities related to our Services. We attempt to minimize the amount of personal information we disclose to what is directly relevant and necessary to accomplish the specified purpose. We do not sell, rent, or otherwise disclose your personal information to third parties for their marketing and advertising purposes without your consent.

 

We may disclose your personal information to the following parties for the following purposes:

 

eBay Inc. corporate family members, who may use it to:

    1. Provide joint content and services (like registration, transactions, and customer support)
    2. Help detect, investigate, mitigate and prevent potentially fraudulent and illegal acts, violations of our User Agreement, and data security breaches
    3. Provide you personalized advertising
    4. Improve their products, sites, applications, services, tools, and marketing communications.
    5. Members of our eBay Inc. corporate family will use your personal information to send you marketing communications only if you have consented to receive such communications from them or if otherwise permitted by the law.

 

Service Providers and financial institutions partners as follows:

    1. Third party service providers who help us to provide our Services, payment processing services, assist us in providing customize advertising, to assist us with the prevention, detection, mitigation, and investigation of potentially illegal acts, violations of our User Agreement , fraud and/or security breaches, bill collection, affiliate and rewards programs, co-branded credit cards and other business operations.
    2. Third party financial institutions with whom we partner to offer financial products to you, for them to provide joint content and services (such as, registration, transactions and customer support). These third party financial institution partners will use your personal information to send you marketing communications only if you have requested their services.
    3. Third party shipping providers (e.g., DHL, UPS, USPS, etc.) with whom we share delivery address, contact information and shipment tracking information for the purposes of facilitating the delivery of items purchased and other delivery related communications.
    4. Third party providers of websites, applications, services and tools that we cooperate with so that they can publish or advertise your listings and their content on their websites or in their applications, services and tools. If we transfer personal information along with the content of your listings to third party providers, this will be solely on the basis of an agreement limiting use by the third party provider of such personal information to processing necessary to fulfil their contract with us and obligating the third party provider to take security measures with regard to such data. Third party providers are not permitted to sell, lease or in any other way transfer the personal information included in your listings to third parties.

 

Law enforcement, legal proceedings, and as authorized by law

    1. To comply with our legal requirements, enforce our User Agreement, respond to claims that a listing or other content violates the rights of others, or protect anyone's rights, property or safety.
    2. To law enforcement or governmental agencies, or authorized third-parties, in response to a verified request or legal process relating to a criminal investigation or alleged or suspected illegal activity or any other activity that exposes us, you, or any other of our users to legal liability. We will only disclose information we deem relevant to the investigation or inquiry, such as name, city, state, postcode, telephone number, email address, User ID history, IP address, fraud complaints, bidding and listing history.
    3. To participants of the eBay VeRO Program globally under confidentiality agreement, as we in our sole discretion deem necessary or appropriate in connection with an investigation of fraud, intellectual property infringement, piracy, or other unlawful activity. In such events, we will disclose seller’s name, street address, city, state, postcode, country, phone number, email address and company name to the participants of the eBay VeRO Program.
    4. To credit agencies or bureaus as authorized by applicable national laws (e.g. information on late or missed payments or other defaults on your account that may be reflected in your credit report or file).
    5. To third parties involved in a legal proceeding, if they provide us with a subpoena, court order or substantially similar legal basis, or we otherwise believe in good faith that the disclosure of information is necessary to prevent imminent physical harm or financial loss or to report suspected illegal activity.

 

Other eBay users as authorized by you or your use of our Services

    1. When transacting with another user, the other user may request that we provide him/her with information about you necessary to complete the transaction, such as your name, account ID, email address, contact details, shipping and billing address, or other information from you needed to promote the reliability and security of the transaction.
    2. If a transaction fails, is put on hold, or is later invalidated, we may also provide the other user with details of the unsuccessful transaction
    3. The other user receiving your information should only use it for purposes related to the transaction. Unless you have consented to receive marketing from them, they should not contact you for marketing purposes.
    4. Contacting users with unwanted or threatening messages is a violation of our User Agreement.

 

We may disclose your personal information to PayPal Inc. and its corporate family

    1. To prevent, detect, mitigate, and investigate potentially illegal acts, fraud and/or security breaches, and to assess and manage risk, including to alert you if fraudulent activities have been detected on your eBay or PayPal accounts
    2. To provide customer services, including to help service your account or resolve disputes (e.g., billing or transactional disputes)
    3. To facilitate the processing of payment cards when you pay within our Services with a payment card and we use PayPal to process your payment
    4. To facilitate shipping and related services for purchases you made using PayPal

 

Change of Ownership

If we are subject to a merger or acquisition with/by another company, we may share information with them in accordance with our global privacy standards. Should such an event occur, we will require that the new combined entity follow this privacy notice with respect to your personal information. If we intend to handle your personal information for any purposes not covered in this privacy notice, you will receive prior notification of the processing of your personal information for the new purposes.

 

How long we keep your personal information  

 

We retain your personal information for as long as necessary to provide the Services you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our policies.

 

Our specific retention times for personal information are documented in our regional records retention schedules. How long we retain personal information can vary significantly based on context of the Services we provide and on our legal obligations. The following factors typically influence retention periods:

    1. How long is the personal information needed to provide our Services? This includes such things as maintaining and improving the performance of our products, keeping our systems secure, and maintaining appropriate business and financial records. This is the general rule that establishes the baseline for most of our data retention periods.
    2. Is the personal information sensitive? If so, a shortened retention time is generally appropriate.
    3. Have you provided consent for a longer retention period? If so, we will retain data in accordance with your consent.
    4. Are we subject to a legal, contractual, or similar obligation to retain your personal information? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or personal information retained for the purposes of litigation.

 

After it is no longer necessary for us to retain your personal information, we will dispose of it in a secure manner according to our data retention and deletion policies.

 

Cookies and similar technologies  

 

When you visit or interact with our sites, services, applications, tools or messaging, we or our authorized service providers may use cookies and other similar technologies to help provide you with a better, faster, and safer experience, and for advertising and marketing purposes. You can read our full User Cookie Notice  for more information.

 

How do we protect your personal information  

 

We protect your personal information using technical and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centers, and information access authorization controls. For more information about staying safe while buying and selling online, or to report an issue with your account please visit our Security Center .

 

Global privacy standards  

 

We have established a set of global privacy standards for all eBay Inc. companies known as our Binding Corporate Rules (BCRs). They are our commitment to protect your personal information and honor our privacy obligations within our eBay Inc. corporate family. More information about our BCRs and our global privacy standards is available at our   eBay Privacy Center .

 

Data Controllers and Data Protection Officers

 

If you reside in the United States, you are contracting with eBay Inc., 2025 Hamilton Avenue, San Jose, CA 95125, USA and, if you use our payments services, also with eBay Commerce Inc., 2025 Hamilton Avenue, San Jose, CA 95125, USA, for such payments services. 

 

If you reside outside of the United States, you are contracting with one of our international eBay companies, as follows:

    1. If you reside in Canada you are contracting with eBay Canada Limited, 500 King Street West, Suite 200, Toronto, ON M5V 1L9, Canada;
    2. If you reside in a country within the European Union (except the United Kingdom) you are contracting with eBay GmbH, Albert-Einstein-Ring 2-6, 14532 Kleinmachnow, Germany;
    3. If you reside in the United Kingdom you are contracting with eBay (UK) Limited, 5 New Street Square, London, EC4A 3TW, United Kingdom;
    4. If you reside in any other country, you are contracting with eBay Marketplaces GmbH, Helvetiastrasse 15/17, 3005 Bern, Switzerland.
    5. If you use our eBay Customer Guarantee services and reside in France, Italy or Spain, you are also contracting with eBay Services S.àr.l, 22-24 Boulevard Royal, 2449 Luxembourg for such specific services.

 

The company you are contracting with is your data controller, and is responsible for the collection, use, disclosure, retention and protection of your personal information in accordance with our global privacy standards, this privacy notice, as well as any applicable national laws.

 

Your data controller may transfer data to other members of the eBay Inc. corporate family who have signed our BCRs, as described in this privacy notice.

 

We may process and retain your personal information on our servers in the U.S. and elsewhere in the world where our data centers are located.

 

Where we have a legal obligation to do so, we have appointed data protection officers (DPOs) to be responsible for the privacy program at each of the respective data controllers.

 

Other important privacy information

 

This section describes some additional privacy information related to your use of our Services that you may find important.

 

When you share your personal information on our sites or applications –what happens?

 

Other users have access to the information you share on eBay. For example, other users can see your bids, purchases, items for sale, your collections, the sellers and collections you follow, storefronts, feedback, ratings, product reviews and associated comments. Other users can also see any information you chose to share in your profile or your collections.

 

When you use our Services, your public user ID may be displayed and available to the public and associated with all of your public eBay activity. Notices sent to other users about suspicious activity and notice violations on our sites may refer to your public user ID and specific items. If you associate your name with your user ID, the people to whom you have revealed your name may then be able to identify your eBay activities.

 

To help protect your privacy, we allow only limited access to other users' contact, shipping and financial information as necessary to facilitate your transactions and collect payments. However, when users are involved in a transaction, they have access to each other's name, user ID, email address and other contact and shipping information.

 

Your responsibilities over transactional information you receive through eBay

 

When you transact with another user, we enable you to obtain or we may provide you with the personal information of the other user (such as their name, account ID, email address, contact details, shipping and billing address) to complete the transaction. Independent from us, you are the controller of such data and we encourage you to inform the other user about your privacy practices and respect their privacy. In all cases, you must comply with the applicable privacy laws, and must give the other user a chance to remove them from your database and them a chance to review what information you have collected about them.

 

You may use the personal information that you have access to only for eBay transaction-related purposes, or for other services offered through eBay (such as escrow, shipping, fraud complaints, and member-to-member communications), and for purposes expressly consented by the user to whom the information relates. Using personal information of other users that you have access to for any other purpose constitutes a violation of our User Agreement .

 

Unwanted or threatening email

 

We do not tolerate abuse of our Services. You do not have permission to add other users to your mailing list (email or postal), call, or send him/her text messages for commercial purposes, even if this user purchased something from you, unless the user has given his/her explicit consent. Sending unwanted or threatening email and text messages is against our User Agreement . To report eBay-related spam or spoof emails please forward the email to spam@ebay.com  or spoof@ebay.com .

 

Communication tools

 

We may scan messages automatically and check for spam, viruses, phishing and other malicious activity, illegal or prohibited content or violations of our User Agreement, this privacy notice or our other policies.

 

Children's Privacy

 

Our websites are general audience websites and not intended for children. We do not knowingly collect personal information from users deemed to be children under their respective national laws.

 

Third Party Privacy Practices

 

This privacy notice addresses only our use and handling of personal information we collect from you in connection with providing you our Services. If you disclose your information to a third party, or visit a third party website via a link from our Services, their privacy notices and practices will apply to any personal information you provide to them or they collect from you.

 

We cannot guarantee the privacy or security of your personal information once you provide it to a third party and we encourage you to evaluate the privacy and security policies of your trading partner before entering into a transaction and choosing to share your personal information. This is true even where the third parties to whom you disclose personal information are bidders, buyers or sellers on our site.

 

How to Contact Us

 

If you have a question or a complaint about this privacy notice, our global privacy standards, or our information handling practices, you can reach the Global Privacy Office in writing at: eBay Inc, Attn: Legal - Global Privacy Office, 2065 Hamilton Avenue, San Jose, California 95125, USA.

 

You can find more information on how to contact us and our data protection officers at our eBay Privacy Center

 

Your right to file complaints with a data protection supervisory authority remains unaffected.




 

 

Program Details

Program Details at eBay

Advertiser: eBay Inc.

Participating Sites and Content*:

 

Country

Participating Site and Content

Australia

www.ebay.com.au

Austria

www.ebay.at

Belgium

www.ebay.be

Canada

www.ebay.ca

France

www.ebay.fr

Germany

www.ebay.de

Ireland

www.ebay.ie

Italy

www.ebay.it

Netherlands

www.ebay.nl

Poland

www.ebay.pl

Spain

www.ebay.es

Switzerland

www.ebay.ch

United Kingdom

www.ebay.co.uk

United States

www.ebay.com

 

*EPN may, in its sole discretion, add or remove countries and websites from this list of Participating Sites and Content.

 

Program Description:  Directing end users to Participating Sites and Content in exchange for a percentage of GMB OR participating in eBay's Buy API Program in exchange for a percentage of GMB associated with an end user's purchase of products or services through your implementation of eBay's Buy API Program.

 

 

Global Rate Card

 

Rate card as of Aug 24, 2020: 

A screenshot of a price list

Description automatically generated

Please note there may be exceptions to the rate card above for certain partners based on business model or other special circumstances.

 

Also, regarding the aforementioned Rate Card: Per the terms of the Network Agreement, EPN may modify your specific pricing, earning caps, and any other compensation terms at any time by providing three (3) days’ notice to you. Should a Force Majeure Event affect the Rate Card applicable to You, EPN may modify your specific pricing, earning caps, and any other compensation terms effective immediately without providing you advance notice. Your specific pricing will be reflected on your contract, which can be viewed in EPN's Partner Portal. In the event of a discrepancy between this Rate Card and the pricing reflected in your Partner Portal account, the pricing indicated in your Partner Portal account will govern. 

 

Payment Structure for Qualifying Transactions:

A Qualifying Transaction for a purchase occurs when (1) an end user makes a purchase on a participating Affiliate website within 24 hours after clicking your Promotional Content for a “Buy It Now ”item, (2) an end user places a bid on an auction within 24 hours after clicking your Promotional Content and wins such auction within 10 days for an “Auction” item, (3) an end user makes a purchase through eBay's API on a digital property that is owned and operated by you and that complies with all other terms and conditions of your agreement for participation in eBay's Buy API Program, or (4) an end user makes its initial subscription payment for an applicable subscription based service (for example, eBay Plus). For any Qualifying Transactions for purchases, you receive a percentage of the GMB for that purchase, based on the category-level commission rates shown below. Note that there are certain items and categories for which eBay Inc. earns low or no revenue; in such cases, you will therefore earn low or no revenue share. These items and categories may include, but are not limited to gift cards, items sold by charities, and special promotional deals. You may only be paid once for each Qualifying Transaction for a purchase; no duplicate payments will be made under eBay's Buy API Program.

 

Notwithstanding the foregoing, the following exceptions apply to attribution on purchases made within 24 hours of an end user click:

(1) Auctions : If an end user clicks on a Promotional Link, bids on an auction within 24 hours of such click, returns to the site at a later date, bids on the same item ID being auctioned, and wins such auction, then EPN shall attribute the Qualifying Transaction to the Promotional Link click for the initial bid placed on such item ID, provided that such initial bid occurred within thirty (30) days of the auction win and regardless of any subsequent clicks on Links from different Affiliates or the applicable Advertiser conducting any promotional activities subsequent to such click and prior to the auction win.

(2) Multi BIN sales : If an end user completes a Qualifying Transaction on a “Buy It Now ”item, then all purchases by the same end user of the same item ID for thirty (30) days from the initial click on your Promotional Content shall be attributed to you, regardless of other referring clicks for the same end user on the same item ID. The same rate of commission will be applicable as was applied to the first qualifying transaction.

 

 

Buyer and Seller Initiated Offers

Best Offer: Within 24 hours of clicking a promotional link, if an end user initiates an offer with any Seller directly, a sequence of offers and counteroffers may commence. Upon receipt of an initiated offer, a Seller has up to twenty-four (24) hours to either accept or make a counteroffer. If Seller makes a counteroffer, Buyer then has up to an additional 24 hours to accept or propose a counteroffer. Buyer and Seller may both make a total of 5 offers or counteroffers each. As long as each subsequent offer and counteroffer is made within 24 hours of the previous offer or counteroffer, and the total offers do not exceed 5 by any party, the commission shall be earned when an offer or counteroffer is accepted. If an offer or counteroffer is not accepted within 24 hours, or if the total number of offers by any party exceeds 5, then no commission shall be earned.

 

Seller Initiated offer: Within 24 hours of an end user clicking a promotional link, if a seller initiates an offer directly to that end user, a sequence of counteroffers and offers may commence that count as a qualifying event, as follows: once a seller offer is presented, an end user has up to 48 hours to either accept or make a counteroffer. If offer is accepted and payment made, a qualifying event for commission is recorded. If a counteroffer is presented by the end user, the seller has up to 48 hours to accept or make another offer. Both seller and end user may make up to 5 offers or counteroffers, and the commission shall be earned when an offer or counteroffer is accepted within the designated 48 hour response period. If an offer or counteroffer is not accepted within 48 hours, or if the total number of offers by any party exceeds 5, then no commission shall be earned.

 

Cost Per Click Programs

EPN may, in its sole discretion, offer to allow you to participate in a Program that involves payment based upon a Cost Per Click model rather than payment based upon end user transactions successfully completed (a “CPC Program”). In the event that you are invited to participate in such a program, the rate card governing your participation (your “CPC Rate Card ”) shall be reflected in your contract, which can be viewed in EPN's Partner Portal. If you participate in the CPC Program: 

 

A CPC Program Qualifying Click (“Qualifying Click”) occurs when a valid end user clicks a Link that has been authorized for use in a CPC Program. For any Qualifying Click you will receive an agreed upon fee as set forth in Your CPC Rate Card as reflected on your contract, which can be viewed in EPN's Partner Portal. Note that the scope of the CPC Program may be more limited than the normal Affiliate Program described above and certain items and categories for which eBay Inc. earns low or no revenue may not be included in the CPC Program. You may only be paid once for each Qualifying Click; no duplicate payments will be made. For clarity, all provisions of this Agreement shall apply to CPC Programs except for the Global Rate Card and definition of Qualifying Transaction above, which shall be governed by this “Cost Per Click Programs” section. 

 

Priority Listing Incentive

EPN may, in its sole discretion, offer additional compensation to selected Partners when such Partners (i) promote (via Promotional Content) certain, EPN-designated items and listings (“Priority Listing(s)”) and (ii) such Promotional Content results in a Qualifying Transaction of the Priority Listing(s) (“Qualifying Priority Listing Transaction ”). Tracking and attribution of Qualifying Priority Listing Transactions will be based on EPN's tracking and attribution data, which is definitive and shall control in the event of any dispute. The specific compensation details offered to the selected, participating Partners will be made available in the Partner Portal. Subject to the terms of the Network Agreement, EPN may modify the terms of this Priority Listing Incentive and the compensation offered under this incentive. 

 

 

U.S. Seller Incentive

Commencing on June 15, 2020 and subject to the terms contained herein, any Partner who is also a seller registered on eBay.com with a U.S. address shall earn an incentive payment for all Qualifying Transactions that are both attributed to the Partner and result from the sale of the Partner’s inventory listed on eBay.com (the “U.S. Seller Incentive”). Only Qualifying Transactions associated with a U.S seller’s eBay.com account that was used to register with EPN shall be eligible for the U.S. Seller Incentive. The U.S. Seller Incentive shall equal the Final Value Fee (as defined on the seller’s applicable selling fees page) less the compensation earned pursuant to the EPN Global Rate Card, exclusive of this U.S. Seller Incentive. Notwithstanding the foregoing, no Partner shall be eligible for this U.S. Seller Incentive if (1) the Partner’s seller level is Below Standard , as determined in the sole discretion of the U.S. Affiliate at the time of the Qualifying Transaction, or (2) the EPN compensation earned is greater than the Final Value Fee on the Qualifying Transaction. All calculations of the U.S. Seller Incentive shall be made by EPN based on EPN's tracking data and information received from Affiliate(s). EPN tracking data and information received from Affiliate(s) (i.e., seller standards classification and Final Value Fee) is definitive and shall control in the event of any dispute.

Exclusions:

The following exclusions apply to the U.S. Seller Incentive:

  • Qualifying Transactions in Vehicles and Real Estate categories are excluded
  • Additional Final Value Fees incurred by Partners pursuant to the Service metrics policy are excluded

 

EPN Exclusive Coupon Programs  

From time-to-time EPN may invite you to participate in a curated "Coupon Event". You will be able to review and join or decline to join the specific Coupon Event. During the time period specified in the Coupon Event ("Coupon Period"), EPN shall make Links available for incorporation into your approved Promotional Methods allowing end users to use promotional codes on eBay ("Coupons"), and these Coupons will be redeemable by qualifying recipients during the period of validity specified in the Coupon Event ("Coupon Valid Dates"). The Coupons can be applied to the purchase of certain items or items within certain eBay selected categories ("Coupon Eligible Items") and expire at the end of the Coupon Valid Dates. Once an end user has clicked a Coupon Link they will have twenty four (24) hours in which to redeem the Coupon before that Coupon expires, regardless of the time period of the overall Promotion Period. The Coupons shall be subject to the Coupon Event Terms and Conditions specified in the Coupon Event and all Promotional Methods including or directing to Coupons must direct the end user to Coupon Event Terms and Conditions page. Coupons and Coupon Events do not impact the Rate Card and do not effect payment for any Qualifying Events, and are purely to be used as Promotions to increase end user engagement; You will receive no additional compensation relating to Coupons or Coupon Events.