Expand All

Our Binding Corporate Rules ("BCR") binds eBay to protect user information consistently throughout eBay companies and vendors globally. The BCRs require eBay Entities observe the following processing principles for User Information:

  • Process User Information fairly and lawfully; 
  • Provide notice to Users about the processing of their personal information and their rights;
  • Collect User Information for specified, legitimate purposes and not process further in ways incompatible with those purposes; 
  • Maintain User Information in adequate and relevant ways, in relation to the purposes for which they are collected; 
  • Keep User Information accurate and up-to-date as reasonably possible; 
  • Process User Information in a way that is relevant and not excessive for the purposes which they are collected and used; 
  • Store User Information for as long as necessary for the Services; and 
  • Protect User Information with appropriate physical, technical and organizational security measures to prevent unauthorized access, unlawful processing and unauthorized or accidental loss, destruction and damage.

In addition to our BCRs, we monitor developments in global privacy regulations, such as the EU General Data Protection Regulation (GDPR) in Europe and California Consumer Privacy Act in the United States, and incorporate those requirements into our overall privacy program and control environment as appropriate.

Laws around the world define sensitive information differently. In the United States, Sensitive information is defined in state and federal law and focuses on information that could be used to commit financial fraud or identity theft. In the EU, Sensitive Personal Definition includes types of information that could be used to discriminate against an individual, for example ethnic origin or political views.

Our Binding Corporate Rules ("BCR") require us to not knowingly collect EU sensitive personal information from users or use it for our own purposes if it is voluntarily provided by users.

Financial information that is provided to us to facilitate transactions on our sites is protected by a variety of technical, organizational and physical controls. We continually review and improve our security measures, such as our efforts to migrate to using HTTPS as described here on our technology blog.

We may disclose your personal information to other members of the eBay Inc. corporate family or to third parties. This disclosure may be required for us to provide and to provide you access to our Services, to comply with our legal obligations, to enforce our User Agreement, to facilitate our marketing and advertising activities, or to prevent, detect, mitigate, and investigate fraudulent or illegal activities related to our Services.

We do not disclose your personal information to third parties for their marketing and advertising purposes without your explicit consent.

Each eBay-owned site has a User Privacy Notice that describes in detail the personal information we may disclose about you and the circumstances for disclosure, including your ability to limit that sharing in some scenarios. Our overarching global approach to information sharing is also described in our Binding Corporate Rules (BCR).

We have training in place to help our engineers understand the privacy and security considerations throughout the product lifecycle (design through implementation). This includes concepts such as data minimization, user transparency and choice, and privacy-respecting default settings. Checks have been embedded in our processes to validate the security controls prior to deploying products to our Users.

Further, eBay has Security and Privacy Champions programs in order to embed security privacy knowledge in our products. Our training programs are regularly updated to take account of developments in privacy and information security.

Here at eBay we want to help you stay safe on eBay and elsewhere on the Internet. Our Security Center provides guidance on how to protect your personal information and secure your devices and networks. It also provides resources on how to stay safe from scammers and provides resources for reporting concerns.

eBay may share User Information with third party processors (such as service providers or vendors) worldwide who help with their business operations. The Service’s User Privacy Notice further describes the types of third parties eBay Entities may share User Information with and under what circumstances. Contracts with third party processors require sufficient technical and organizational security measures, limit the use of User Information to purposes defined by the Data Controller and retain control of User Information where applicable. Additionally, eBay Entities will only transfer User Information of Users located in the EU to third party processors that provide an adequate level of protection when processing User Information (for instance by entering into contracts based on the model clauses for the transfer of EU User Information to processors established in third countries published by the European Commission). Agreements with third party processors provide for legal remedies in the event of a breach of the agreement.

To close your account on eBay or eBay-owned sites, go to the site's help pages or contact the site's customer support team. We'll remove your personal information, or make it anonymous, as soon as reasonably possible based on your account activity and in accordance with applicable law. We may delay an account closure or retain your information to conduct an investigation or if required by law.

We may also retain account information to do any of the following:

  • Comply with law
  • Prevent fraud
  • Collect any fees owed
  • Resolve disputes
  • Troubleshoot problems
  • Assist with investigations
  • Enforce a site's terms and conditions
  • Comply with legal requirements
  • Take other actions otherwise permitted by applicable law

Once we no longer have a need to retain information, it is erased in accordance with our retention and deletion policies.

For complete details about the personal information eBay and eBay-owned sites collect about you, view the site's User Privacy Notice. Generally, we collect enough personal information to do the following:

  • Facilitate the service you request
  • Resolve disputes
  • Troubleshoot problems
  • Process transactions
  • Collect fees
  • Measure your interest in our services
  • Inform you about our other offers, products, services, and updates
  • Customize your experiences
  • Detect and protect eBay against error, fraud, and other criminal activity
  • Enforce our terms and conditions and as otherwise described at the time of collection

The help pages on eBay and eBay-owned sites answer many of our customers' frequently asked questions. If you still have questions after viewing our help pages or using our automated response system, please contact the site's customer support team.

eBay, Inc. stores data in a multitude of locations around the world to provide the best service possible to our users. To ensure the integrity of our systems, we are unable to provide specific location details. eBay ensures compliance with regulatory and local laws in according to our Binding Corporate Rules (BCRs) and apply industry standard physical, technical, process, and business controls to ensure data is adequately protected and only accessed by authorized and authenticated parties. For more information, please see ebay.com/security.

If you have any other questions, please contact eBay Customer Support.