BlackLine Privacy Policy

Effective: May 10, 2022

BLACKLINE PRIVACY STATEMENT

This BlackLine Privacy Statement (“Statement”) describes how we collect, use, share and otherwise process information relating to an identified or identifiable individual or household (“Personal Data”), and explains your related rights regarding our processing of your Personal Data. A reference to “BlackLine,” “we,” or “us” is a reference to BlackLine Systems, Inc., 21300 Victory Blvd 12th Floor, Woodland Hills, CA 91367 and the relevant affiliate involved in the processing activity.

1.   PROCESSING ACTIVITIES COVERED

This Statement applies to the processing of Personal Data collected by us when you:

  • Visit our public website at www.blackline.com (“Public Website”);

  • Use our cloud products and services as an authorized user (for example, as an employee of one of our customers who provided you with access to our services), whether through our hosted service website or any of our mobile apps or otherwise (“Hosted Service”);

  • Receive communications from us, including emails, phone calls, or texts;

  • Visit our offices; or

  • Register for, attend and/or otherwise take part in our events or webinars.

BlackLine is the controller of your Personal Data as described in this Statement, unless expressly specified otherwise, and may act as a joint controller with its EU affiliates for the Personal Data of EU customers and prospects.  

We may process Personal Data submitted by or for a customer to our Hosted Service. To this end, we process such Personal Data in the role of a processor on behalf of a customer (and/or its affiliates) who is the controller of the Personal Data concerned.  Our Hosted Service permits customers to share and manage information by uploading and submitting data or content that can be shared, stored, and accessed through the Hosted Service (“Customer Data”). This Statement does not cover Customer Data, including any Personal Data contained in it. Customers control the nature of Customer Data and are the data controllers. We are a data processor of such Customer Data, which means we only use it as directed by our customers.

2.   WHAT PERSONAL DATA DO WE COLLECT DIRECTLY FROM YOU?

The Personal Data we collect directly from you may includes identifiers, professional or employment-related information, financial account information, commercial information, visual information, internet activity information and inferences drawn from any of the above information categories. We collect such information in the following situations:

PUBLIC WEBSITE INFORMATION COLLECTION

Information Collected

As you navigate the Public Website, BlackLine may collect information such as your Internet Protocol (IP) address, Web browser information and your actions while on the Public Website. This information will be collected, if at all, through the use of commonly-used information-gathering tools, such as cookies and web beacons. Standing alone, this information does not directly identify you personally. You can configure the types of cookies that will be active while browsing with the consent manager accessible from our Public Website. When expressing interest in BlackLine’s products or services, or using our “Contact Us” or similar features, you may have the option to provide contact information such as your name, job title, organization name, address, e-mail address, or phone number. You may also have the option of engaging in a “live chat” or other form of interactive communication, during which BlackLine may collect a record of information disclosed by you. Providing this optional information is voluntary on your part, and in the absence of providing such information you remain anonymous to BlackLine.

Use of Information Collected

We use your information, including your Personal Data, for the following purposes:

  • To provide our Public Website and other services to you, to communicate with you about your use of our Public Website and services, to diagnose technical problems, to respond to your inquiries and for other customer service purposes.

  • To tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the Public Website.

  • To send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters) about us, including information about our products and services, promotions, special offers or events as necessary or to otherwise contact you about products or information we think may interest you.  You can opt out of being contacted by us for marketing or promotional purposes by following the instructions in marketing emails we send or by using the information in the “Contacting BlackLine” section, below. Additional restrictions on BlackLine being able to send you marketing information may apply depending on the jurisdiction.

  • To better understand how individuals access and use our Public Website, both on an aggregated and individualized basis, in order to improve our Public Website and services and respond to user desires and preferences, and for other research and analytical purposes.

Automated Decision Making

We may use automated decision making to display or send recommendations and personalized offers to you based on your Personal Data, which may include your browsing history, geographic location, employer, job title, and other non-sensitive data.

In cases where information has been limited to a certain area through automated decision making based on your Personal Data, we will present you with the option to view more general information outside of that area that has not been limited.

Third Party Links

The Public Website may contain links to other web sites or third-party applications such as Facebook, Twitter, LinkedIn or YouTube. BlackLine is not responsible for the privacy practices or the content of these other web sites or applications, and we advise you to refer to the policy statements of these third parties to understand how they collect and use information.

HOSTED SERVICE INFORMATION COLLECTION

BlackLine collects information, including Personal Data, from users of the Hosted Service (“User Information”). “User Information” does not include Customer Data. Access to the Hosted Service is subject to the terms and conditions of a Master Subscription Agreement or similar agreement between BlackLine and the party or entity that has subscribed to the Hosted Service. Any User Information provided through the Hosted Service will be subject to this Statement, unless otherwise specified in the Master Subscription Agreement.

Information Collected

The User Information that we collect from you in connection with the Hosted Service includes the following:

  • In order for a user to access the Hosted Service, a user may submit Personal Data to the Hosted Service (e.g., user first and last name and e-mail).

  • Information about your device and your usage of the Hosted Service through cookies, web beacons, log files or similar technologies, such as IP addresses or other identifiers, which may qualify as Personal Data.

  • User profile information voluntarily provided by users, for example a phone number or profile picture.

  • If you request customer support, we may require that you provide to us your contact information, such as your name, job title, company name, address, phone number, and/or email address.

  • Financial Information that our customers upload to the Hosted Service may also include Personal Data.

Use of Information Collected

BlackLine uses User Information for the purpose of providing and improving the Hosted Service, maintaining security, processing customer payments, communicating with you about your use of the Hosted Service, responding to communications from you, diagnosing technical problems, handling support requests, providing technical support and other customer service and support purposes, and for other research and analytical purposes.

If you voluntarily submit certain information to our services, such as filling out a survey about your user experience, we collect the information you have provided as part of that request.

In addition, BlackLine uses User Information to assess and identify potential customer opportunities and send marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters) about us, including information about our products and services, promotions, special offers, educational webinars, best practice summits or other events, or to otherwise contact you about products or information we think may interest you.  

You can opt out of being contacted by us for marketing or promotional purposes by following the instructions in marketing emails we send or by using the information in the “Contacting BlackLine” section, below. Additional restrictions on BlackLine’s ability to send you marketing information may apply depending on jurisdiction. Please note that opting-out of marketing communications does not affect your receipt of business communications that are important to your interaction with BlackLine, such as communications about your subscriptions, service announcements, support/service communications, security updates, event registration updates or account management communications.

BLACKLINE EVENTS INFORMATION COLLECTION

For the purposes of this Statement, a “BlackLine event” includes any conference, webinar, forum, seminar or workshop, whether taking place virtually or in-person.

Information Collected

If you register for a BlackLine event, we may require that you provide to us your contact information, such as your name, job title, company name, address, phone number, and/or email address. You may also be required to provide your financial and billing information (such as billing name and address, and credit card number). If you attend a BlackLine event, we may with your further consent scan your attendee badge, which will provide us your information, such as name, title, company name, address, phone number and email address.

Use of Information Collected

By registering for a specific BlackLine event, you agree to BlackLine’s processing of the Personal Data you submit as part of registration for the following purposes:

  • to communicate with you regarding the specific BlackLine event for which you registered or that you attend;

  • to perform our contract with you;

  • for our internal reporting purposes;

  • as reasonably necessary for the management and organization of the specific BlackLine event for which you registered or that you attend;

  • for any other purpose to which you consent in connection with the specific BlackLine event for which you registered or that you attend; and

  • for research and analytical purposes.

 

If you have provided payment information to us, we process your Personal Data to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with you.

 

Disclosure of Information Collected

If you register for a specific BlackLine event, BlackLine may disclose the Personal Data you submit as part of registration to:

  • sponsors, partners and co-organizers (collectively, “Sponsors”) of the BlackLine event as reasonably necessary for the management and organization of the specific BlackLine event for which you registered or attended;

  • third-party service providers assisting BlackLine with the specific BlackLine event, subject to contractually agreed conditions of confidentiality and security; or

  • other third-parties for which you consent to disclosure in connection with the specific BlackLine event for which you registered or attended.

Event Sponsor Space Lists

  • Live Events: Forum event attendees are provided with badges having bar codes that may be scanned at Sponsor booths or sponsored activities or sessions (collectively, “Sponsor Booth”). If you allow your attendee badge to be scanned at a Sponsor booth, then you are consenting to allowing your contact information (first name, last name, title, company, email, phone, address, country) to be transferred to any Sponsor that scans the badge. In these circumstances, your information will be subject to such Sponsor’s privacy statement.

  • Virtual Events: If you choose to visit a Sponsor’s virtual space/virtual booth/virtual session, then your contact information (first name, last name, title, company, email, work phone, work address, work state, work zip code, country) is transferred to the Sponsor in real-time. In these circumstances, your information will be subject to such Sponsor’s privacy statement.

OFFICE VISITOR INFORMATION COLLECTION

If you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name, and title. We use this information for security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access.

OTHER PERSONAL DATA COLLECTION

If you submit questions, requests, other communications to us via forms, email, or other communication media, we may collect contact information, such as a name, job title, company name, address, phone number or email address. We process such Personal Data to respond to questions, requests and other communications from you.

If you express an interest in obtaining additional information about our services or if our marketing, sales, or business development teams send communications to you, we may process Personal Data you provide to us, including your name, phone number, email address, postal address, job title, job function, company name, or IP address. We process Personal Data to respond to your communications, to deliver relevant email content, for research and analytical purposes and to send you marketing information, product recommendations and other non-transactional communications about us, including information about our products and services, promotions, special offers or BlackLine events as necessary or to otherwise contact you about products or information we think may interest you.  

If you communicate with us via a phone or video call, we may record that call in accordance with applicable law, but only if we’ve informed you of this beforehand and giving you the opportunity to not have the call recorded.

You can opt out of being contacted by us for marketing or promotional purposes by following the instructions in marketing emails we send or by using the information in the “Contacting BlackLine” section, below. Additional restrictions on BlackLine being able to send you marketing information may apply depending on the jurisdiction.

3.   PERSONAL DATA WE COLLECT FROM OTHER SOURCES

We also collect information about you from third parties and publicly available sources, and combine this information with Personal Data provided by you. The Personal Data we collect from other sources includes identifiers, professional and employment-related information, education information, commercial information, visual information, internet activity information and inferences about preferences and behaviors.

4.   WHO DO WE SHARE PERSONAL DATA WITH?

We may disclose the following categories of Personal Data for our business purposes: identifiers, professional and employment-related information, education information, commercial information, visual information, internet activity information, financial information, and inferences drawn from any of the above information categories. Unless expressly specified otherwise, BlackLine will not share your Personal Data or User Information with third parties except as follows:

  • Affiliates. We may disclose Personal Data to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your Personal Data will be subject to this Statement.

  • Business Transfers. If we are acquired by or merged with another company, if we are involved in a reorganization or other fundamental corporate change, or if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the Personal Data we have collected to the other company.

  • In Response to Legal Process. We also may use and disclose Personal Data we collect from you in order to comply with the applicable laws, or a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena or to meet national security or law enforcement requirements.

  • To Protect Us and Others. We also use and may disclose Personal Data we collect where we believe it is necessary in order to investigate, prevent or take action regarding actual or suspected illegal activities, violations of any contract or policy, or as evidence in litigation in which BlackLine is involved.

  • Vendors, Service Providers, Contractors and Agents.  We may disclose Personal Data to our third-party vendors, service providers, contractors and agents who assist us in business and technical operations. They provide services relating, but not limited to, IT and system administration and hosting, billing, financial transactions, customer support, internet and connectivity, marketing, BlackLine event organizing, or security pursuant to the legal bases described below.

  • Professional Advisors. In individual instances, we may share your Personal Data with professional advisors (including lawyers, bankers, auditors and insurers) who provide consultancy, banking, legal, insurance and accounting services, and to the extent we are legally obligated to share or have a legitimate interest in sharing your Personal Data.

  • Affiliated Customer. If you are an authorized user of the Hosted Service, we may disclose Personal Data to your affiliated customer responsible for your access to the Hosted Service.

  • Sub-processors.If you are an authorized user of the Hosted Service, we may disclose Personal Data as necessary to provide the Hosted Service. We may disclose User Information to sub-processors as necessary to provide the Hosted Services as disclosed and consented to you in a data processing agreement or otherwise.

  • Anonymous and De-Identified Information. We may share anonymous or de-identified information about users or usage data with third parties for the purpose of helping BlackLine in such analysis and improvements or for marketing, advertising, research or similar purposes. Additionally, BlackLine may share such anonymous or de-identified information about users or usage data on an aggregate basis in the normal course of operating our business (e.g., we may share information publicly to show trends about the general use of our services).

For more information, please contact us by using the information in the “Contacting BlackLine” section, below.

5.   COOKIES

Regarding our use of Cookies, please follow this link to our cookies policy here.

6.   YOUR RIGHTS

You may have certain rights relating to your Personal Data under local data protection laws. We have provided a summary below, but since some of the rights are complex, not all of the details have been included. We encourage you to read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. For example, these rights may include:

European Economic Area
  • Access. To access your Personal Data held by us.

  • Rectification. To rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete.

  • Erasure. To erase/delete your Personal Data, to the extent permitted by applicable data protection laws.

  • Restriction. To restrict our processing of your Personal Data, to the extent permitted by law.

  • Portability. To transfer your Personal Data to another controller, to the extent possible. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it 'ported' directly to another data controller, but only where our processing is based on your consent and the processing is carried out by automated means.

  • Objection. To object to any processing of your Personal Data carried out on the basis of our legitimate interests. Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection.

  • Automated Decision-Making. Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects.

  • Withdrawal of Consent. To the extent we base the collection, processing and sharing of Personal Data on your consent, to withdraw your consent at any time, without effecting the lawfulness of the processing based on such consent before its withdrawal, and to lodge a complaint with your national supervisory authority.

  • Exercise of Rights. To exercise your rights, please contact us by using the information in the “Contacting BlackLine” section, below.

California
  • Access. To access your Personal Data held by us and to know what Personal Data is collected, used, shared or sold, both as to the categories and specific pieces of Personal Data. You can ask us to confirm that we are processing your Personal Data, provide you with details about such processing, and give you a copy of your Personal Data. Such details include the categories of Personal Data we have collected about you, the categories of sources from which your Personal Data is collected, the business or commercial purpose for collecting or selling (if applicable) your Personal Data, the categories of third parties with whom we share your Personal Data and the specific pieces of Personal Data we have collected about you. BlackLine does not currently sell Personal Data to third parties.

  • Erasure. To the extent permitted by applicable data protection laws, to erase/delete your Personal Data, subject to certain exceptions. 

  • Portability. To transfer your Personal Data to another controller, to the extent possible. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it 'ported' directly to another data controller, but only where our processing is based on your consent and the processing is carried out by automated means.

  • Non-discrimination. The right to non-discrimination in terms of price or service when you choose to exercise your privacy rights.

  • Opt-Out and Opt-In to Sale of Personal Data. BlackLine does not sell Personal Data to third parties, so no opt-out or opt-in choices related to the sale of Personal Data apply. Where an organization does sell Personal Data, you are able to direct that business to stop selling your Personal Data. Children under the age of 16 must provide opt in consent, with a parent or guardian consenting for children under 13. Again, BlackLine does not currently sell Personal Data to third parties, so no opt-out or opt-in choices apply.

  • Disclosure. If a business sells your Personal Data to a third party, you have the right to know the categories of Personal Data the business sold about you, and the categories of third parties the business sold it to, including list by category of Personal Data for each third party to which the business sold Personal Data. BlackLine does not sell Personal Data to third parties, so there is nothing for us to disclose to you based on your right to know this information.

  • Exercise of Rights. To exercise your rights, please contact us by using the information in the “Contacting BlackLine” section, below.

  • California law permits residents of California to request certain details about what Personal Data a company shares with third parties for the third parties’ direct marketing purposes. BlackLine does not share your information with third parties for the third parties’ own and independent direct marketing purposes. If you have any questions about what personal information BlackLine may share with third parties that are not already answered in this Statement, please contact BlackLine at: PrivacyRequest@blackline.com.

7.   HOW TO EXERCISE YOUR RIGHTS

To exercise your rights, or to verify, correct, or update the Personal Data you have provided to BlackLine, please contact us by using the information in the “Contacting BlackLine” section below.

We try to respond to all legitimate requests as soon as reasonably practicable, and consistent with any applicable laws and, to the extent permitted under applicable law, will contact you if we need additional information from you in order to honor your request. We may need to verify your identity before completing your rights request, which may include requesting information sufficient to confirm your identity.

If you are an employee of one of our customers, we recommend you contact your company’s license administrator for assistance in correcting or updating your information.

You may authorize another person (your “agent”) to submit a request on your behalf. If an authorized agent will be submitting a request for you, please contact us by using the information in the “Contacting BlackLine” section below. Please note that we are required to verify that your agent has been properly authorized to request information on your behalf (e.g., by asking your agent to provide us with a copy of your written authorization designating them as your authorized agent) and this may take additional time to fulfill your request.

For requests to erase or delete Personal Data, please note that we may be required, by applicable law or otherwise, to keep your Personal Data and not delete it, or to keep your information for a certain time, in which case we will comply with your deletion request only after we’ve fulfilled such requirements. In certain situations, we might be unable to provide you with information on all of your Personal data due to legal requirements. If we have to deny your request for information because of legal requirements, we will state the reasons for denial.

BlackLine visitors and customers may contact us to request that we limit the use of Personal Data. If, at any time after providing Personal Data, you change your mind about receiving information from us or about sharing your information with third parties, please contact us by using the information in the “Contacting BlackLine” section, below.

8.   GENERAL PROVISIONS APPLICABLE TO ALL PERSONAL DATA

We process your Personal Data on one of the following legal bases:

  • Performance of a contract. When you or your company enter into an agreement with us, we will process your Personal Data to fulfill the terms of our contract (for example, the Hosted Service).

  • Legitimate interests. We may use your Personal Data for our legitimate interests provided that our legitimate interests are not outweighed by any prejudice or harm to your rights and freedoms, including:

    • improving our products and services and the content on our Public Website or Hosted Service (for example to manage our network, improve the service, and better tailor the features, performance and support of the service);

    • operating and administering our Public Website and the Hosted Service;

    • promoting the safety and security of the Public Website and the Hosted Service;

    • fulfilling your requests and communicating with you when you contact us; and

    • marketing and promoting the Hosted Service.

  • Consent. In some cases, you will give us consent to use your Personal Data for a specific purpose. For example, we will rely on your consent to use technical information such as cookie data.

  • Legal obligations. We may be required to process your Personal Data to comply with our legal obligations.

Retention and Storage of Information Collected

In accordance with the data minimization and purpose limitation principles, BlackLine will store your Personal Data for as long as reasonably necessary, and only for as long as required to fulfill the purposes of processing your Personal Data. Notwithstanding the foregoing, we may retain your Personal Data if such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. If we process your Personal Data, it may be erased automatically, or saved in a format which does not allow any direct conclusions to be drawn as to your identity as soon as the last specific purpose has been fulfilled.

Sensitive Information

We will not intentionally collect or process, and do not want you to provide, any sensitive Personal Data, including:

  • Personal Data that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership;

  • genetic or biometric data;

  • data concerning your medical or health condition; and

  • data concerning your sex life or sexual orientation.

Children’s Online Privacy Protection

Neither the Public Website nor the Hosted Service are designed for or directed to children. We do not intentionally collect or maintain information about anyone under the age of 16.

If you believe that we have collected Personal Data from a child under the age of 16, please contact us by using the information in the “Contacting BlackLine” section below, and we will make reasonable efforts to delete such information from our records.

Security

We take precautions including organizational, technical and physical measures designed to safeguard against the accidental or unlawful destruction, loss, alteration and unauthorized disclosure of, or access to, the Personal Data we process or use. If you have any questions about the security of Personal Data, please contact us by using the information in the “Contacting BlackLine” section, below.

International Transfer of Personal Data

Your Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates and third-parties disclosed in Section 4, above, that are based in other countries. Therefore, your Personal Data may be processed outside your jurisdiction, including in countries and jurisdictions that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction. We have implemented safeguards to ensure an adequate level of data protection where your Personal Data is transferred outside of your country or jurisdiction.

Do Not Track Requests

Certain web browsers have incorporated a “Do Not Track” feature. This feature, when turned on, sends a preference to the websites you visit indicating that you do not wish to be tracked. Those sites (or the third-party content on those sites) may continue to engage in activities you might view as tracking even though you have expressed this preference, depending on the sites’ privacy practices. Because there is not yet a commonly-accepted standard on how to interpret Do Not Track requests, BlackLine does not currently respond to browser Do Not Track requests on its websites or online services.

Changes to this Privacy Statement

BlackLine reserves the right to change this Statement as necessary or advisable to accommodate changes to the law, technology, our operations or other circumstances. We encourage you to periodically review this notice for the latest information on our privacy practices.

Contacting BlackLine

To exercise your rights regarding your Personal Data, or if you have questions regarding this Statement, please email BlackLine’s Security Administrator at PrivacyRequest@blackline.com or mail us at:

BlackLine Systems, Inc.
21300 Victory Blvd., 12th Floor
Woodland Hills, CA 91367

Attn: Security Administrator

If you have a disability which prevents you from accessing this Statement, please contact PrivacyRequest@blackline.com to access this Statement in an alternative format.

 

 

The Future of Accounting Is Here