Our Binding Corporate Rules ("BCR") binds eBay to protect user information consistently throughout eBay companies and vendors globally. The BCRs require eBay Entities observe the following processing principles for User Information:
- Process User Information fairly and lawfully;
- Provide notice to Users about the processing of their personal information and their rights;
- Collect User Information for specified, legitimate purposes and not process further in ways incompatible with those purposes;
- Maintain User Information in adequate and relevant ways, in relation to the purposes for which they are collected;
- Keep User Information accurate and up-to-date as reasonably possible;
- Process User Information in a way that is relevant and not excessive for the purposes which they are collected and used;
- Store User Information for as long as necessary for the Services; and
- Protect User Information with appropriate physical, technical and organizational security measures to prevent unauthorized access, unlawful processing and unauthorized or accidental loss, destruction and damage.
In addition to our BCRs, we monitor developments in global privacy regulations, such as the EU General Data Protection Regulation (GDPR) in Europe and California Consumer Privacy Act in the United States, and incorporate those requirements into our overall privacy program and control environment as appropriate.