Last Modified: December 15, 2022
BlackLine Privacy Statement
This BlackLine Privacy Statement (“Statement”) describes how we collect, use, share and otherwise process information relating to an identified or identifiable individual or household (“Personal Data”), and explains your related rights regarding our processing of your Personal Data. A reference to “BlackLine,” “we,” or “us” is a reference to BlackLine Systems, Inc., 21300 Victory Blvd 12th Floor, Woodland Hills, CA 91367 and the relevant affiliate involved in the processing activity.
1. PROCESSING ACTIVITIES COVERED
This Statement applies to the processing of Personal Data collected by us when you:
Visit our public website at www.blackline.com (“Public Website”);
Use our cloud products and services as an authorized user (for example, as an employee of one of our customers who provided you with access to our services), whether through our hosted service website or any of our mobile apps or otherwise (“Hosted Service”);
Receive communications from us, including emails, phone calls, or SMS;
Visit our offices; or
Register for, attend and/or otherwise take part in our events or webinars.
BlackLine is the controller of your Personal Data as described in this Statement, unless expressly specified otherwise, and may act as a joint controller with its EU affiliates for the Personal Data of EU customers and prospects.
We may process Personal Data submitted by or for a customer to our Hosted Service. To this end, we process such Personal Data in the role of a processor on behalf of a customer (and/or its affiliates) who is the controller of the Personal Data concerned. Our Hosted Service permits customers to share and manage information by uploading and submitting data or content that can be shared, stored, and accessed through the Hosted Service (“Customer Data”). This Statement does not cover Customer Data, including any Personal Data contained in it. Customers control the nature of Customer Data and are the data controllers. We are a data processor of such Customer Data, which means we only use it as directed by our customers.
2. WHAT PERSONAL DATA DO WE COLLECT DIRECTLY FROM YOU?
The Personal Data we collect directly from you may includes identifiers, professional or employment-related information, financial account information, commercial information, visual information, internet activity information and inferences drawn from any of the above information categories. We collect such information in the following situations:
PUBLIC WEBSITE INFORMATION COLLECTION
As you navigate the Public Website, BlackLine may collect information such as your Internet Protocol (IP) address, Web browser information and your actions while on the Public Website. This information will be collected, if at all, through the use of commonly-used information-gathering tools, such as cookies and web beacons. Standing alone, this information does not directly identify you personally. You can configure the types of cookies that will be active while browsing with the consent manager accessible from our Public Website. When expressing interest in BlackLine’s products or services, or using our “Contact Us” or similar features, you may have the option to provide contact information such as your name, job title, organization name, address, e-mail address, or phone number. You may also have the option of engaging in a “live chat” or other form of interactive communication, during which BlackLine may collect a record of information disclosed by you. Providing this optional information is voluntary on your part, and in the absence of providing such information you remain anonymous to BlackLine.
Use of Information Collected
We use your information, including your Personal Data, for the following purposes:
To provide our Public Website and other services to you, to communicate with you about your use of our Public Website and services, to diagnose technical problems, to respond to your inquiries and for other customer service purposes.
To tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the Public Website.
To send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters) about us, including information about our products and services, promotions, special offers or events as necessary or to otherwise contact you about products or information we think may interest you. You can opt out of being contacted by us for marketing or promotional purposes by following the instructions in marketing emails we send or by using the information in the “Contacting BlackLine” section, below. Additional restrictions on BlackLine being able to send you marketing information may apply depending on the jurisdiction.
To better understand how individuals access and use our Public Website, both on an aggregated and individualized basis, in order to improve our Public Website and services and respond to user desires and preferences, and for other research and analytical purposes.
Automated Decision Making
We may use automated decision making to display or send recommendations and personalized offers to you based on your Personal Data, which may include your browsing history, geographic location, employer, job title, and other non-sensitive data. In cases where information has been limited to a certain area through automated decision making based on your Personal Data, we will present you with the option to view more general information outside of that area that has not been limited.
Third Party Links
The Public Website may contain links to other web sites or third-party applications such as Facebook, Twitter, LinkedIn or YouTube. BlackLine is not responsible for the privacy practices or the content of these other web sites or applications, and we advise you to refer to the policy statements of these third parties to understand how they collect and use information.
HOSTED SERVICE INFORMATION COLLECTION
BlackLine collects information, including Personal Data, from users of the Hosted Service (“User Information”). “User Information” does not include Customer Data. Access to the Hosted Service is subject to the terms and conditions of a Master Subscription Agreement or similar agreement between BlackLine and the party or entity that has subscribed to the Hosted Service. Any User Information provided through the Hosted Service will be subject to this Statement, unless otherwise specified in the Master Subscription Agreement.
The User Information that we collect from you in connection with the Hosted Service includes the following:
In order for a user to access the Hosted Service, a user may submit Personal Data to the Hosted Service (e.g., user first and last name and e-mail).
Information about your device and your usage of the Hosted Service through cookies, web beacons, log files or similar technologies, such as IP addresses or other unique identifiers, which may qualify as Personal Data.
User profile information voluntarily provided by users, for example a phone number or profile picture.
If you request customer support, we may require that you provide to us your contact information, such as your name, job title, company name, address, phone number, and/or email address.
Use of Information Collected
BlackLine uses User Information for the purpose of providing, maintaining, supporting and improving the Hosted Service, maintaining security, for authentication purposes, processing customer payments, communicating with you about your use of the Hosted Service, responding to communications from you, diagnosing and responding to technical or service problems, handling support requests, providing technical support and other customer service and support purposes, and for other research and analytical purposes.
We may process Personal Data that you provide to us for the purpose of subscribing to our Trust site notifications (e.g., name, email and mobile phone) (“Notification Data”). The Notification Data may be processed for the purposes of sending you requested relevant notifications (including emails and SMS messages). The legal basis for this processing is consent. You can unsubscribe at any time (see Section 6 “Your Rights” below).
If you voluntarily submit certain information to our services, such as filling out a survey about your user experience, we collect the information you have provided as part of that request.
In addition, BlackLine uses User Information to assess and identify potential customer opportunities and send marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters) about us, including information about our products and services, promotions, special offers, educational webinars, best practice summits or other events, or to otherwise contact you about products or information we think may interest you.
You can opt out of being contacted by us for marketing or promotional purposes by following the instructions in marketing emails we send or by using the information in the “Contacting BlackLine” section, below. Additional restrictions on BlackLine’s ability to send you marketing information may apply depending on jurisdiction. Please note that opting-out of marketing communications does not affect your receipt of business communications that are important to your interaction with BlackLine, such as communications about your subscriptions, service announcements, support/service communications, security updates, event registration updates or account management communications.
BLACKLINE EVENTS INFORMATION COLLECTION
For the purposes of this Statement, a “BlackLine event” includes any conference, webinar, forum, seminar or workshop, whether taking place virtually or in-person.
If you register for a BlackLine event, we may require that you provide to us your contact information, such as your name, job title, company name, address, phone number, and/or email address. You may also be required to provide your financial and billing information (such as billing name and address, and credit card number). If you attend a BlackLine event, we may with your further consent scan your attendee badge, which will provide us your information, such as name, title, company name, address, phone number and email address.
Use of Information Collected
By registering for a specific BlackLine event, you agree to BlackLine’s processing of the Personal Data you submit as part of registration for the following purposes:
to communicate with you regarding the specific BlackLine event for which you registered or that you attend;
to perform our contract with you;
for our internal reporting purposes;
as reasonably necessary for the management, support and organization of the specific BlackLine event for which you registered or that you attend;
for any other purpose to which you consent in connection with the specific BlackLine event for which you registered or that you attend; and
for research and analytical purposes.
If you have provided payment information to us, we process your Personal Data to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with you.
Disclosure of Information Collected
If you register for a specific BlackLine event, BlackLine may disclose the Personal Data you submit as part of registration to:
sponsors, partners and co-organizers (collectively, “Sponsors”) of the BlackLine event as reasonably necessary for the management and organization of the specific BlackLine event for which you registered or attended;
third-party service providers assisting BlackLine with the specific BlackLine event, subject to contractually agreed conditions of confidentiality and security; or
other third-parties for which you consent to disclosure in connection with the specific BlackLine event for which you registered or attended.
Event Sponsor Space Lists
Live Events: Forum event attendees are provided with badges having bar codes that may be scanned at Sponsor booths or sponsored activities or sessions (collectively, “Sponsor Booth”). If you allow your attendee badge to be scanned at a Sponsor booth, then you are consenting to allowing your contact information (first name, last name, title, company, email, phone, address, country) to be transferred to any Sponsor that scans the badge. In these circumstances, your information will be subject to such Sponsor’s privacy statement.
Virtual Events: If you choose to visit a Sponsor’s virtual space/virtual booth/virtual session, then your contact information (first name, last name, title, company, email, work phone, work address, work state, work zip code, country) is transferred to the Sponsor in real-time. In these circumstances, your information will be subject to such Sponsor’s privacy statement.
OFFICE VISITOR INFORMATION COLLECTION
If you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name, and title. We use this information for security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access.
OTHER PERSONAL DATA COLLECTION
If you submit questions, requests, other communications to us via forms, email, or other communication media, we may collect contact information, such as a name, job title, company name, address, phone number or email address. We process such Personal Data to respond to questions, requests and other communications from you.
If you express an interest in obtaining additional information about our services or if our marketing, sales, or business development teams send communications to you or reach out to you via telephone, we may process Personal Data you provide to us, including your name, phone number, email address, postal address, country, job title, job function, company name, or IP address. We process Personal Data to respond to your communications, to deliver relevant email content, for research and analytical purposes and to send you marketing information, product recommendations and other non-transactional communications about us, including information about our products and services, promotions, special offers or BlackLine events as necessary or to otherwise contact you about products or information we think may interest you.
If you communicate with us via a phone or video call, we may record and transcribe that call in accordance with applicable law, for training, quality assurance and administration purposes, but only if we’ve informed you of this beforehand and giving you the opportunity to not have the call recorded.
You can opt out of being contacted by us for marketing or promotional purposes by following the instructions in marketing emails we send or by using the information in the “Contacting BlackLine” section, below. Additional restrictions on BlackLine being able to send you marketing information may apply depending on the jurisdiction.
3. PERSONAL DATA WE COLLECT FROM OTHER SOURCES
We also collect information about you from third parties and publicly available sources, and combine this information with Personal Data provided by you. The Personal Data we collect from other sources includes identifiers, professional and employment-related information, education information, commercial information, visual information, internet activity information and inferences about preferences and behaviors.
4. WHO DO WE SHARE PERSONAL DATA WITH?
We may disclose the following categories of Personal Data for our business purposes: identifiers, professional and employment-related information, education information, commercial information, visual information, internet activity information, financial information, and inferences drawn from any of the above information categories. Unless expressly specified otherwise, BlackLine will not share your Personal Data or User Information with third parties except as follows:
Affiliates. We may disclose Personal Data to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your Personal Data will be subject to this Statement.
Business Transfers. If we are acquired by or merged with another company, if we are involved in a reorganization or other fundamental corporate change, or if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the Personal Data we have collected to the other company.
In Response to Legal Process. We also may use and disclose Personal Data we collect from you in order to comply with the applicable laws, or a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena or to meet national security or law enforcement requirements.
To Protect Us and Others. We also use and may disclose Personal Data we collect where we believe it is necessary in order to investigate, prevent or take action regarding actual or suspected illegal activities, violations of any contract or policy, or as evidence in litigation in which BlackLine is involved.
Service Providers, Contractors and Agents. We may disclose Personal Data to our third-party service providers, contractors and agents who assist us in business and technical operations. They provide services relating, but not limited to, IT and system administration and hosting, billing, financial transactions, customer support, internet and connectivity, marketing, BlackLine event organizing, or security pursuant to the legal bases described below.
Professional Advisors. In individual instances, we may share your Personal Data with professional advisors (including lawyers, bankers, auditors and insurers) who provide consultancy, banking, legal, insurance and accounting services, and to the extent we are legally obligated to share or have a legitimate interest in sharing your Personal Data.
Affiliated Customer. If you are an authorized user of the Hosted Service, we may disclose Personal Data to your affiliated customer responsible for your access to the Hosted Service.
Anonymous and De-Identified Information. We may share anonymous or de-identified information about users or usage data with third parties for the purpose of helping BlackLine in such analysis and improvements or for marketing, advertising, research or similar purposes. Additionally, BlackLine may share such anonymous or de-identified information about users or usage data on an aggregate basis in the normal course of operating our business (e.g., we may share information publicly to show trends about the general use of our services).
For more information, please contact us by using the information in the “Contacting BlackLine” section, below.
6. YOUR RIGHTS
You may have certain rights relating to your Personal Data, subject to local Data Protection Laws. “Data Protection Laws” means all laws and regulations (including, without limitation, the EU General Data Protection Regulation or “GDPR” and the California Consumer Privacy Act of 2018 or “CCPA”), applicable to our processing of your Personal Data under this Statement.
We have provided a summary below, but since some of the rights are complex, not all of the details have been included. We encourage you to read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. Depending on the applicable Data Protection Laws these rights may include the right to:
Access your "Personal Data" held by us,
Know more about how we process your "Personal Data",
Rectify inaccurate "Personal Data" and, taking into account the purpose of processing the "Personal Data", ensure it is complete,
Erase or delete your "Personal Data", subject to certain exceptions,
Restrict our processing of your "Personal Data" (e.g., limit the use or disclosure of “sensitive personal information” as defined in the CCPA),
Transfer your "Personal Data" to another controller, to the extent possible,
Object to any processing of your "Personal Data",
Opt-out of certain disclosures of your "Personal Data" to third parties (e.g., opt-out of “selling” or “sharing” of personal information as those terms are defined in the CCPA),
If you’re under the age of 16, or such other applicable age of consent for privacy purposes in relevant individual jurisdictions, opt-in to certain disclosures of your "Personal Data" to third parties,
Not be discriminated against for exercising your rights described above,
Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects (Automated Decision-Making), and
Withdraw your consent at any time (to the extent we base processing on consent), without affecting the lawfulness of the processing based on such consent before its withdrawal.
The CCPA require businesses to disclose whether they “sell” or “share” Personal Data, as those two terms are defined in the CCPA. We do not “sell” or “share” your Personal Data. We may share your Personal Data with third parties or allow them to collect your Personal Data if those third parties are authorized service providers, contractors or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of your Personal Data, or if you use our sites, services or systems to interact with third parties or direct us to disclose your Personal Data to third parties. See Section 4 (Who Do We Share Personal Data With?) above.
California law permits residents of California to request certain details about what Personal Data a company shares with third parties for the third parties’ direct marketing purposes. BlackLine does not share your Personal Data with third parties for the third parties’ own and independent direct marketing purposes. If you have any questions about what Personal Data BlackLine may share with third parties that are not already answered in this Policy, please contact BlackLine at: PrivacyRequest@blackline.com.
Financial Incentives: We will not discriminate against you, in any manner prohibited by applicable law, for exercising your rights specified in Section 6 (Your Rights) above. However, if you are a prospective customer, we may offer you certain financial incentives permitted by the CCPA. Please review our CCPA Financial Incentives Notice available here for more information.
7. HOW TO EXERCISE YOUR RIGHTS
To exercise your rights, please contact us by using the information in the “Contacting BlackLine” section, below. Your Personal Data may be processed in responding to these rights. We respond to all legitimate requests within a reasonable timeframe consistent with applicable Data Protection Laws unless otherwise required by law. To the extent permitted under applicable law, we will contact you if we need additional information from you in order to honor your request or verify your identity.
You may authorize another person (your “agent”) to submit a request on your behalf. If an authorized agent will be submitting a request for you, please contact us by using the information in the “Contacting BlackLine” section below. Please note that we are required to verify that your agent has been properly authorized to request information on your behalf (e.g., by asking your agent to provide us with a copy of your written authorization designating them as your authorized agent) and this may take additional time to fulfill your request.
You may unsubscribe from our marketing communications by either clicking on the “unsubscribe” link located at the bottom of our e-mails; updating your communication preferences; or contacting us using the information in the “Contacting BlackLine” section below.
If you are an employee of a BlackLine customer, we recommend you contact your employer’s system administrator for assistance in accessing, correcting, updating or deleting your Personal Data in our Hosted Service.
8. GENERAL PROVISIONS APPLICABLE TO ALL PERSONAL DATA
We process your Personal Data on one of the following legal bases:
Performance of a contract. When you or your company enter into an agreement with us, we will process your Personal Data to fulfill the terms of our contract (for example, the Hosted Service).
Legitimate interests. We may use your Personal Data for our legitimate interests provided that our legitimate interests are not outweighed by any prejudice or harm to your rights and freedoms, including:
improving our products and services and the content on our Public Website or Hosted Service (for example to manage our network, improve the service, and better tailor the features, performance and support of the service);
operating and administering our Public Website and the Hosted Service;
promoting the safety and security of the Public Website and the Hosted Service;
fulfilling your requests and communicating with you when you contact us; and
marketing and promoting the Hosted Service.
Consent. In some cases, you will give us consent to use your Personal Data for a specific purpose. For example, we will rely on your consent to use technical information such as cookie data.
Legal obligations. We may be required to process your Personal Data to comply with our legal obligations.
Retention and Storage of Information Collected
In accordance with the data minimization and purpose limitation principles, BlackLine will store your Personal Data for as long as reasonably necessary, and only for as long as required to fulfill the purposes of processing your Personal Data. Notwithstanding the foregoing, we may retain your Personal Data if such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. If we process your Personal Data, it may be erased automatically, or saved in a format which does not allow any direct conclusions to be drawn as to your identity as soon as the last specific purpose has been fulfilled.
We will not intentionally collect or process, and do not want you to provide, any sensitive Personal Data, including:
Personal Data that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership;
genetic or biometric data;
data concerning your medical or health condition; and
data concerning your sex life or sexual orientation.
Children’s Online Privacy Protection
Neither the Public Website nor the Hosted Service are designed for or directed to children. We do not intentionally collect or maintain information about anyone under the age of 16.
If you believe that we have collected Personal Data from a child under the age of 16, please contact us by using the information in the “Contacting BlackLine” section below, and we will make reasonable efforts to delete such information from our records.
We take precautions including organizational, technical and physical measures designed to safeguard against the accidental or unlawful destruction, loss, alteration and unauthorized disclosure of, or access to, the Personal Data we process or use. If you have any questions about the security of Personal Data, please contact us by using the information in the “Contacting BlackLine” section, below.
International Transfer of Personal Data
Your Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates and third-parties disclosed in Section 4, above, that are based in other countries. Therefore, your Personal Data may be processed outside your jurisdiction, including in countries and jurisdictions that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction. We have implemented safeguards to ensure an adequate level of data protection where your Personal Data is transferred outside of your country or jurisdiction.
Do Not Track Requests
Certain web browsers have incorporated a “Do Not Track” feature. This feature, when turned on, sends a preference to the websites you visit indicating that you do not wish to be tracked. Those sites (or the third-party content on those sites) may continue to engage in activities you might view as tracking even though you have expressed this preference, depending on the sites’ privacy practices. Because there is not yet a commonly-accepted standard on how to interpret Do Not Track requests, BlackLine does not currently respond to browser Do Not Track requests on its websites or online services.
Changes to this Privacy Statement
BlackLine reserves the right to change this Statement as necessary or advisable to accommodate changes to the law, technology, our operations or other circumstances. We encourage you to periodically review this notice for the latest information on our privacy practices.
If you have any questions about this Statement or our privacy practices, or if you have a disability and need to access this Statement in a different format, please contact us at PrivacyRequest@blackline.com.
You may also contact us by postal mail at:
BlackLine Systems, Inc.
21300 Victory Blvd., 12th Floor
Woodland Hills, CA 91367
Attn: Data Protection Officer