Effective 08/18/2025
This Privacy Policy (“Policy”) describes how BlackLine collects, uses, shares or otherwise processes data that (either in isolation or in combination with other information) enables you to be directly or indirectly identified (“Personal Data”), and explains the rights you may have in relation to your Personal Data.
Personal Data does not include information that is publicly available, de-identified, aggregated, or otherwise exempted by applicable data protection laws. Such information is not subject to the terms of this Policy.
This Policy may be supplemented by additional privacy statements, terms or notices provided to you.
We operate a software-as-a-service (SaaS) business model typically for enterprise customers where we sell subscriptions to our products and services. The “Hosted Service” shall mean our SaaS software and technology platform and applications made available for use online or through mobile devices, as defined in our Master Subscription Agreement (“MSA”).
A reference to “BlackLine,” “we,” “us,” “our,” or “ours” is a reference to BlackLine Systems, Inc., 21300 Victory Blvd 12th Floor, Woodland Hills, CA 91367 and/or the relevant affiliate or subsidiary involved in the processing activity. The BlackLine entity that controls your Personal Data may differ depending on where you reside and/or where you interact with us.
Table of Contents:
1. What our Privacy Policy Covers
2. How We Collect and Use your Personal Data
a. Personal Data Provided by You
b. Personal Data Collected Automatically
c. Personal Data Obtained from Other Sources
d. Legal Basis
4. How We Disclose your Personal Data
5. How We Protect your Personal Data
6. How We Transfer your Personal Data Internationally
7. How We Retain your Personal Data
9. Exercising Your Privacy Rights and Choices
11. Changes to this Privacy Policy
12. Contact Us
Download/print a copy of this Policy (printer-friendly PDF)
What our Privacy Policy Covers
Some data protection laws in various jurisdictions distinguish between “controllers” and “processors” of Personal Data. While other jurisdictions may use different terminology, the concept typically remains the same. A controller decides why and how to process Personal Data. A processor only processes Personal Data on behalf of a controller based on the controller’s instruction; the processor does not make decisions about Personal Data. BlackLine may be either a controller or a processor, depending on the scenario. BlackLine may act as a joint controller with its European affiliates for the Personal Data of European individuals.
This Policy only applies when BlackLine is the data controller of your Personal Data, and explains how we collect, use, and share your Personal Data for our own purposes. This Policy covers when you:
Interact with us, including via our websites or any sites or services that link to this Policy or our branded social media pages,
Visit a BlackLine office,
Interact with us as a representative of a company, entity or institution that has (or is considering) a business relationship with BlackLine (e.g., as our customer, partner, service provider or supplier),
Use our products and services, including our Hosted Service, where we act as a controller of your Personal Data (e.g., to authorize your access to your organization’s account with us),
Create or use an account offered directly by BlackLine (e.g., BlackLine’s partner portal), as opposed to our customers, partners or other third parties,
Register for, attend or take part in an event, webinar, conference, forum, seminar, workshop, summit, program, training or certification hosted or co-hosted by BlackLine,
Register for, attend or take part in a BlackLine contest, raffle, promotion, giveaway or sweepstakes,
Participate in surveys, research or other similar data collection facilitated by us, or
Receive a communication from us (e.g., sales or marketing communication), subscribe to receive communications from us (e.g., newsletters, notifications/alerts, or updates), or otherwise communicate with us, including e-mails, telephone calls, texts, faxes or chatbot.
Customer Data: Our customers and partners control the data they put into our products and services (“Customer Data”) and how it is used. This Policy does not cover how we process Personal Data on behalf of our customers and partners as a processor. This Policy does not cover Personal Data we process as a data processor including, without limitation, Customer Data, including any Personal Data contained therein. If your Personal Data has been submitted to us by or on behalf of a BlackLine customer or partner and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer or partner directly. BlackLine cannot respond directly to your request. We are not responsible for the privacy or data security practices of our customers and partners, which may differ from those explained in this Policy.
Third Party Links: Our websites and services may contain links to other websites, applications, platforms and services maintained by third parties. The information practices of these third parties, including the social media platforms that host our branded social media pages, are governed by their privacy statements, which you should review to better understand their privacy practices.
How we Collect and Use your Personal Data
Sometimes, we may ask you to provide Personal Data voluntarily (e.g., we may ask you to provide your contact details to create an account with us, to subscribe to marketing communications from us, and/or to submit inquiries to us). The types of Personal Data that we collect directly from you depend on how you interact with us and the products and services you access and use. In some cases, we combine the Personal Data you provide.
The Personal Data we collect directly from you may include identifiers, professional or employment-related information, financial account information, commercial information, visual information, internet activity information, among others. We collect such information in the following situations and not all categories may be applicable to you:
A. Personal Data Provided by You
Sometimes, we may ask you to provide Personal Data voluntarily (e.g., we may ask you to provide your contact details to create an account with us, to subscribe to marketing communications from us, and/or to submit inquiries to us). In some cases, we combine the Personal Data you provide.
The Personal Data we collect directly from you may include identifiers, professional or employment-related information, financial account information, commercial information, visual information, internet activity information, among others. We collect such information in the following situations:
1. When you communicate with us or receive communications from us. When you contact us, submit a form, request a demo, or ask for more information about our products, services, programs, sweepstakes, or events, we may ask you to provide us with contact information such as your name, business e-mail, telephone number, company name, job level or title, functional role, and address. You may have the option of engaging in a “live chat” or other form of interactive communication with us, during which BlackLine (or our third-party service provider acting on our behalf) may collect a record of information disclosed by you. Such “live chat” may be a chatbot that creates AI generated responses based on your question. The purpose for processing such Personal Data includes:
Fulfilling your request and communicating with you, or
Providing you with information about our products, services, programs, sweepstakes, and events, in accordance with your marketing preferences (including marketing calls and marketing e-mails).
2. If you are our service provider or supplier. If you are a representative of an organization that provides BlackLine with products or services, we collect your business contact information including your name, business e-mail, telephone number, country, job level or title, functional role and company name. The purpose for processing such Personal Data includes:
Managing your organization’s account, including invoicing and other account-related issues,
Vendor relationship management, or
Communicating with you and responding to your inquiries.
3. If your organization is our customer, partner, prospective customer, or prospective partner. If you are a representative of an organization that has (or is exploring) a business relationship with us, we may collect your business contact information including your name, business e-mail, telephone number, country, job level or title, functional role, company name and address. Additionally, if you contact BlackLine for support related to your organization’s use of our products, services, programs, or events, we will also collect information about the reason for your inquiry and any other information you choose to provide to us. The purpose for processing such Personal Data includes:
Contacting you and responding when you submit a form, request a demo, or ask for more information about our products, services, programs, sweepstakes, or events,
Contacting you to understand your business needs and determine whether the Hosted Service may be a good fit,
Fulfilling your request and communicating with you,
Managing your organization’s account or subscription with us, including billing and invoicing, payment processing, maintaining business records, coordinating with relevant contacts at your organization, customer relationship management, and communicating about account status or account-related issues,
Sharing information about contractual obligations, renewals, service terms, legal updates, or compliance matters,
Relevant operational communications that affect your organization’s use of the Hosted Service, or
Providing you with information about our products, services, programs, sweepstakes, and events, in accordance with your marketing preferences (including marketing calls and marketing e-mails).
4. If you are an end user of BlackLine’s Hosted Service through a BlackLine customer. When you use our Hosted Service, you may provide certain information (e.g., your name, e-mail, telephone number, country, job level or title, functional role, usage history, product interactions) where we act as a controller. Your user profile data may be exported from the Hosted Service to systems outside the Hosted Service like our CRM. Additionally, to access the Hosted Service, we will collect account login credentials, such as usernames and passwords, to ensure that you can log in to use the Hosted Service securely and efficiently. For services that require it, we will also collect authentication information, such as a mobile number, e-mail address, or other unique verification identifiers. The purpose for processing such Personal Data includes:
Creating and authenticating your organization’s account with us, and authorizing and managing your access to your organization’s account with us (e.g., enforcing security measures, including access controls and logging),
Providing, supporting, maintaining, securing, developing, and improving our products and services (e.g., diagnosing and resolving technical issues), and communicating with you in connection with the foregoing (e.g., sending you service communications, product-related operational communications such as feature updates or scheduled maintenance, or communicate essential changes to terms or policies),
Sending you product documentation or training opportunities like tutorials, webinars, walkthroughs, in-product guidance or other education resources relevant to your use of the Hosted Service,
Customer relationship management and managing your organization’s account or subscription with us, including billing and invoicing,
Processing and fulfilling your communication preferences, requests, orders, downloads, subscriptions or other transactions,
Responding to your requests, inquiries, concerns or support tickets,
Offering customized training or content or other personalization to make the Hosted Service more relevant to you, your needs, your location, or interests,
Communicating with you about your (and your organization’s) experience with BlackLine (e.g., in-product feedback from you to enhance user experience), and for user engagement relevant to your use of the Hosted Service (e.g., inviting you to participate in surveys, product advisory boards, beta testing, or user research),
Providing customer enablement relevant to your use of the Hosted Service (e.g., recommending relevant features, modules, best practices, or resources to help you use the Hosted Service effectively), or
Providing you with information about our products, services, programs, sweepstakes, and events, in accordance with your marketing preferences (including marketing calls and marketing e-mails).
5. If you register for an account or program directly with us. Typically, when you use the Hosted Service through your organization, your account is controlled and owned by that organization (see ‘If you are an end user of BlackLine’s Hosted Service through a BlackLine customer’ section above). In some circumstances, you may register for an account directly with BlackLine rather than through your organization—for example, if you register for an account to access BlackLine Community, Optimization Academy, Partner Portal, or BlackLine University. In those cases, we collect the account registration information you give us (for example, your name, e-mail, telephone number, country, job level or title, address, and functional role) and your profile information (for example, your company name and address). In some cases, you may have the option to personalize your account with additional information such as a photo, a social media profile, or other personal information. For services that require it, we also will collect authentication information, such as mobile number, email address, or other unique verification identifiers. Additionally, to access your account (if applicable), we will collect account login credentials, such as usernames and passwords, to ensure that you can log in to use your account securely and efficiently. If you sign up for a BlackLine training or learning course covered by this Policy, we will collect the account registration information, as well as enrollment and attendance information (including when your registration is paid for by a BlackLine customer or partner). If applicable, we may also collect payment information directly from you. The purpose for processing such Personal Data includes:
Creating and authenticating your account with us, and authorizing and managing your access to your account with us (e.g., enforcing security measures, including access controls and logging),
Managing your account with us and the relationship you have with us, including delivering the requested program or services to you, and communicating with you in connection with the foregoing,
To provide access to account/program materials, courses, discussions, certifications, and other related content or services,
To track course completion, issue certificates, manage learning paths, and maintain user records (e.g., for professional development tracking),
To send necessary updates, announcements, and service-related communication about your account or program,
To allow you to interact with other participants (e.g., through discussion threads), depending on your account or program features,
Developing and improving your account with us and our programs, products and services,
Recommending relevant best practices or resources relevant to your account/program with us, including sending you training opportunities like tutorials, webinars, or other education resources relevant to your account/program with us, or
Processing and fulfilling your communication preferences, requests, orders, downloads, subscriptions or other transactions,
Responding to your requests, inquiries, concerns or support tickets,
Offering customized training or content or other personalization to make our programs, products and services more relevant to you, your needs, your location, or interests,
Communicating with you about your experience with BlackLine, and for engagement relevant to your account or program (e.g., inviting you to participate in surveys about your account or program), or
Providing you with information about our products, services, programs, sweepstakes, and events, in accordance with your marketing preferences (including marketing calls and marketing e-mails).
6. If you subscribe to notifications. If you subscribe to notifications from us (e.g., Trust site or Hosted Service), we may collect your name, e-mail address and mobile number to provide such notifications. You can unsubscribe at any time excluding e-mail notifications to end users of the Hosted Service that are operational notifications regarding the Hosted Service.
7. If you participate in or register for BlackLine events and webinars. When you attend, participate in or register for a conference, forum, seminar, workshop, summit, webinar or event, whether taking place virtually or in-person and whether hosted or co-hosted by BlackLine (collectively, an “Event”), we may ask you to provide us with your contact information such as your name, job title, company name, address, country, phone number and e-mail address; your health and safety information such as your emergency contact, special accommodations and your dietary preferences; photos and videos of you taken at the Event; or your billing information such as your billing name, billing address, and credit card number. If you use a BlackLine event-related mobile application, we may also collect additional information from your device, such as your photos, contacts, or geolocation data, in accordance with your device’s privacy settings. If you attend an Event (e.g., a trade show), we may with your further consent scan your attendee badge (either virtually on in-person), which will provide us with your information, such as your image, name, title, company name, address, phone number and e-mail address. If we need to collect other Personal Data from you, we will explain which information we need and why at the time we collect it. The purpose for processing such Personal Data includes:
Managing, organizing, planning, supporting, hosting and securing the Event,
Registering participants, confirming attendance, managing waitlists, and providing access to the Event,
Sending event materials, logistics, session updates, joining instructions, speaker details, and other event-related information or items,
Monitoring attendance, session participation, and interaction levels (e.g., polling or Q&A engagement during the Event),
Sending post-event surveys, recordings, presentation materials, or other relevant resources,
Analyzing feedback and engagement data to improve future Events or refine content,
Capture and use photos or video or audio recordings from Events for promotional or internal purposes – subject to appropriate notice and consent where legally required,
Invoicing and processing payments, or
Providing you with information about our products, services and events, in accordance with your marketing preferences (including marketing calls and marketing e-mails).
8. If you participate in research with us or otherwise provide us with feedback. When you participate in or register for a BlackLine study, survey, panel, panel pool, or voluntarily submit certain information to us such as providing BlackLine with a testimonial or feedback about our products, services or sales process, we may ask for your name, e-mail address, telephone number, address, company, employment status, tenure, role, job information, gender, age group, and other information relevant to the study or feedback. For certain studies and feedback, we may also take photos, videos, or audio recordings (with your permission and in accordance with applicable laws). The purpose for processing such Personal Data includes:
Fulfilling the purpose set out in the study or survey, including sending any incentives,
Improving your (or your organization’s) experience interacting with BlackLine,
Identifying the BlackLine research studies best suited to you based on your attributes and invite you to participate via e-mail,
Identifying potential product improvements or future product developments for our products and services,
Contextualizing your feedback and experience with our products and services so that we can improve them,
Improving how we conduct research,
Analysis on why we win and lose sales opportunities, or
With your permission and in accordance with applicable laws, we may display your personal testimonial, video testimonial and other endorsements on our website along with your name and title and use them for our marketing efforts. If you wish to update or delete your testimonial, you can contact us by using the contact information provided below.
9. If you participate in calls or online meetings with us. We may record and transcribe phone calls, Events, interviews, and online meetings (including audio and video content where applicable) for training and development, quality assurance, our implementation and support services to customers, product improvement, and administration purposes. This includes analyzing the content of such calls and online meetings using third-party AI-powered tools (e.g., Gong.io, Microsoft Teams, Otter.ai, Outreach, Zoom, and Clozd) to gain better insights into our Events or interactions with our customers, prospects and partners. For Events, we may use these recordings to provide testimonials, to the extent permitted by applicable law. We will always notify you before a call is recorded and will obtain your consent where required under applicable law. The purpose for processing such Personal Data includes:
Maintaining high-quality Events, sales, customer enablement, implementation, support and engagements with prospects, customers and partners,
Providing training and coaching to our sales, implementation, customer enablement, partner and support teams,
Generating automated call transcripts and meeting notes,
Keeping our records up to date (for example, in relation to follow-up meetings, sales opportunities, and updating customer contact details),
Research and analysis to improve our sales, implementation, support, partner and customer enablement processes and make our sales, implementation, partner, support and customer enablement calls more impactful.
10. If you visit a BlackLine office. We may ask you to register as a visitor and to provide us with your contact information such as your name, job title, company name, country, phone number and e-mail address. We may use security technologies, such as security cameras, to enhance the physical security of our offices thereby collecting your image or video. If you use our guest wireless network, we may also log information about your use of that service. The purpose for processing such Personal Data includes:
Verifying identity, managing building access, and maintaining visitor logs for physical security and emergency response purposes,
Registering guests, issue visitor badges, track entry/exit times, and ensure authorized access to appropriate areas,
Meeting workplace safety requirements, complying with applicable public health mandates, or maintaining records for legal or insurance purposes,
Assisting in incident tracking, investigations, or audits involving on-premises activities, or
Performing network administration, analysis, troubleshooting, and other operational purposes.
11. If you make a referral. You may give us your friend’s or a third party’s Personal Data, for example via our referral service, to tell a friend about our products, services, events, or website. We will only use this data for the specific stated reason that you provided it. It is your responsibility to abide by applicable privacy and data security laws when you disclose third parties’ Personal Data to us, including informing third parties that you are providing their Personal Data to us and how it will be transferred, used, or processed, and securing the appropriate legal permissions and safeguards. If you choose to provide us with a third party’s Personal Data, you represent that you have the third party’s permission to disclose such Personal Data to us to be used in accordance with this Policy and that you have the appropriate consent from such individual to send the particular commercial message sent to that individual. Where applicable, such third parties may unsubscribe from any future communication following the link provided in the initial message. If you believe that one of your contacts has provided us with your Personal Data and you would like to request that it be removed from our database, please contact us by using the contact information provided below.
12. If you register for a BlackLine sweepstakes. When you participate in or register for a contest, raffle, giveaway, promotion or sweepstakes (collectively, “Sweepstakes”), we may ask you to provide us with your contact information such as your name, job title, company name, country, phone number, e-mail address. If you are a winner of a Sweepstakes, we may ask you for your mailing address and information needed for mailing any prizes and tax purposes. The purpose for processing such Personal Data includes:
Confirm your registration for the Sweepstakes,
Complying with applicable tax laws,
Providing, managing, organizing, and planning the Sweepstakes, including sending related communications, processing prizes, and for our internal reporting purposes,
Improving or enhancing your (or your organization’s) experience interacting with BlackLine, or
Providing you with information about our products, services and events, in accordance with your marketing preferences (including marketing calls and marketing e-mails).
13. Other voluntary Personal Data. Personal Data such as the content of your communications with us, including interactions with customer support and our social media channels, data you provide when you sign up to receive news, promotions or other marketing communications from us or our partners and any other information you voluntarily provide to us.
B. Personal Data Collected Automatically.
We also collect certain information related to your use of our websites, content, mobile applications, programs, events, products and services, or when you interact with emails we have sent to you. In some jurisdictions, this information may be considered Personal Data under applicable data protection laws. We may combine this information with Personal Data provided by you. The Personal Data we collect automatically from you includes identifiers, commercial information, internet activity information and inferences about preferences and behaviors. In particular, we collect the following Personal Data from you automatically:
1. Device and Interaction Data
We gather certain device information. This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, broad geographic location (for example, country or city-level location based on your public IP address), browser type, plug-ins, integrations, Internet service provider, mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the websites. We also collect information about how you interact with our websites (for example, referring web page, pages visited, features used, geolocation), e-mails, content, or other features (for example, when you open a marketing e-mail or click on an embedded link, or if you watch videos on our site, or interact with/message using our chat function). The purpose for processing such data includes:
Providing, supporting, operating, maintaining, and improving our websites, content, mobile applications, programs, events, products and services including diagnosing technical problems, providing access to content you have requested and displaying country-specific information,
Providing you with information about our products, services, programs, sweepstakes and events, in accordance with your marketing preferences,
Showing you ads on third-party websites that that we may think may interest you and to track the performance of our advertisements, in accordance with your marketing preferences,
Better understanding the visitors who come to our websites, where they come from, and what content on our website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our websites to our visitors, or
Ensuring compliance with applicable laws and ensuring the security and preventing the misuse of our websites, products and services by tracking use of our websites and services, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies.
2. Usage Data
We gather certain information as part of your use of our websites, products and services (“Usage Data”). This information may include: (i) identifiers, such as user ID, organization ID, username, email address and user type (e.g., license administrator); (ii) commercial information; (iii) user login metadata (e.g., timestamps, usernames); and (iv) internet activity information such as IP address (or proxy server), mobile device number, device and application identification numbers, broad geographic location (for example, country or city-level location based on your public IP address), language, browser type, Internet service provider or mobile carrier, user interactions such as the pages and files viewed, website and webpage interactions including searches and other actions you take, operating system type and version, system configuration information, date and time stamps associated with your usage and details of which of our websites, products and product versions you are using. We engage third party providers to collect Usage Data.
Usage data includes metrics and information regarding your use and interaction with the Hosted Service. For example, products or features you access or use, when an object (like a ticket) is opened and closed, pages and files viewed or searched for, user interface interactions, date and time stamp, search terms you used, clickstream data, performance metrics, and other diagnostic data.
The purpose for processing Usage Data includes:
Understanding how our websites, products, and services are used, to improve functionality and performance, and to enhance the user experience,
For system administration, troubleshooting, and to ensure the integrity and performance of our websites, products, and services,
Analyzing and assessing your (and your organization’s) experience interacting with our websites, products, and services, and analyzing and measuring user behavior and trends,
Ensuring compliance with applicable laws (e.g., trade compliance),
Providing, supporting, operating, maintaining, and improving our websites, content, mobile applications, products and services,
Assessing and managing usage and licensing compliance with the applicable terms and conditions of our products and services,
Customer enablement and managing customer and user accounts generally,
For financial reporting, internal reporting, and business modeling purposes (e.g., forecasting, revenue, capacity planning, product strategy),
Identifying potential customer opportunities and potential product improvements or future product developments for our products and services,
Security monitoring and preventing misuse of our services, including enforcing our terms and policies, investigating, detecting and preventing suspicious activity, fraud and cybercrime that may affect BlackLine or our products and services.
Aggregated Usage Data: In addition, we may use aggregated Usage Data for other internal business purposes, such as to identify additional customer opportunities and to ensure that we are meeting the demands of our customers and their users. Please note that this Usage Data is primarily used to identify the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers.
3. Cookies, web beacons, pixels, and other tracking technologies
We use common information-gathering tools, such as tools for collecting data, cookies, web beacons, pixels, and similar technologies to collect information that may contain Personal Data as you navigate our websites, our products and services, our content, or interact with emails we have sent to you, which is further explained in our Cookie Policy.
Targeted Advertising Cookies. We or one of our authorized partners may place or read cookies on your device when you visit our websites for the purpose of serving you targeted advertising (also referred to as “online behavioral advertising” or “interest-based advertising”), which is further explained below in this Policy and in our Cookie Policy.
4. Social Media Features
Our websites may use social media features, such as the “Tweet” button and other sharing widgets (“Social Media Features”). Social Media Features may allow you to post information about your activities on our website to outside platforms and social networks. Social Media Features may also allow you to like or highlight information we have posted on our website or our branded social media pages. Social Media Features are either hosted by each respective platform or hosted directly on our website. To the extent the Social Media Features are hosted by the platforms themselves, and you click through to these from our websites, the platform may receive information showing that you have visited our websites. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile. We also allow you to log in to certain of our websites using sign-in services. These services authenticate your identity and provide you the option to share certain Personal Data from these services with us such as your name and email address to pre-populate our sign-up form. Your interactions with Social Media Features are governed by the privacy policies of the companies providing them.
5. Third Party Integrations
You may connect third party integrations to your BlackLine account, which may ask for certain permissions to access data or send information to your BlackLine account. It is your responsibility to review any third-party integrations you authorize. We may collect information about what types of integrations you use in your BlackLine account. Any permission(s) granted by you, grants these third parties access to your data, which may include (but is not limited to) granting third party applications access to view, store, and modify your BlackLine account data. We are not responsible for the practices of third-party integrations.
C. Personal Data Obtained from other Sources
We also collect Personal Data about you from other sources including third party providers of business contact information as described in more detail below, individuals at your organization, referral partners, or publicly available sources. We may combine this information with Personal Data provided by you. The Personal Data we collect from other sources may include identifiers, professional and employment-related information, education information, commercial information, visual information, internet activity information and inferences about preferences and behaviors. Specifically, we collect Personal Data from the following other sources:
1. From another individual. Another individual may give us your Personal Data, for example via our referral service to tell you about our products, services, events, or websites. If you believe that your Personal Data has been provided to us improperly, or want to exercise your rights relating to your Personal Data, please contact us by using the information in the Section of this Policy with the heading, “Contact Us”.
2. From third-party providers of business contact information. BlackLine may collect business contact information about you from other sources including the co-sponsors of events or tradeshows attended by BlackLine, social media networks, our partners (e.g., marketing partners who provide us with information about potential customers of our business services, security partners who provide us with information to protect against abuse), data brokers and third parties from whom we have purchased business contact information. Business contact information may include: first name, last name, business e-mail, telephone number, company name, job level, functional role, country, business street address, and online identifier, as well as previous employers and roles. The purpose for processing such Personal Data includes:
Providing you with information about our products, services and Events, in accordance with your marketing preferences (including marketing calls and marketing e-mails),
To help us correct or supplement our records for marketing campaigns, offers and online advertising efforts or to assist with sales activities, or
Understanding our market and assessing and identifying new customers and potential customer opportunities.
3. From publicly accessible sources. In some circumstances, we may collect information about you from publicly accessible sources and websites, such as your company’s website, professional network services, public social media sites, or press releases. Such information may include: first name, last name, business e-mail, telephone number, company name, job level, functional role, country, business street address, and online identifier, as well as previous employers and roles. We may combine this information with information we have collected about you from other sources. The purpose for processing such Personal Data includes:
Providing you with information about our products, services and events, in accordance with your marketing preferences (including marketing calls and marketing e-mails),
Updating, expanding, and analyzing our records, or
Understanding our market and assessing and identifying new customers and potential customer opportunities.
4. From your organization. We also may receive Personal Data about you from your organization (or your university, if applicable) for the purposes of obtaining or providing our products and services or to recommend individuals to participate in our research studies. For example, another individual at your organization may provide us with your business contact information so that we can give you access to training materials purchased by your organization, to grant you certain administrative privileges, or to aid the sales process. If your organization is a BlackLine supplier, your organization may also provide us with your name and e-mail address so that we can contact you about the services your organization supplies to us. The purpose for processing such Personal Data includes:
Communicating with you about the goods and services provided, or
Managing your (or your organization’s) account and providing the requested services to you or your organization.
D. Legal Basis
We collect and process your Personal Data for the purposes specified in this Policy relying on the following legal bases:
Where you have entered into a contract with us, we will use your Personal Data for the performance of such contract.
If we do not have a contract directly with you, or otherwise obtain your consent (e.g., where you have opted-in to e-mail marketing), we may rely on our legitimate interests for the other purposes described in this Policy. Such as our legitimate interest in:
o advertising our products, services, Events and conducting marketing,
o offering best-in class services to our customers,
o maintaining the high quality of our phone calls and meetings,
o providing, supporting, maintaining, and improving our websites, products and services, programs, Events, Sweepstakes, and training and education to customers,
o partner, prospect, and customer relationship management,
o developing products and services and ensuring that our products and services are performing in line with customer expectations,
o providing online content to our customers and prospective customers regarding our Events or service offering and related information,
o providing a relevant and well-functioning website for the benefit of our website visitors,
o promoting the safety and security of our websites and services, and protecting against misuse or abuse of our websites or services, and
o research and analytical purposes.
In some cases, we may have a legal obligation to process your Personal Data, such as in complying with judicial proceedings, court orders or legal processes, responding to lawful requests, and to comply with applicable laws (e.g., export laws and regulations of the U.S. and other jurisdictions).
We also may need to process your Personal Data to protect vital interests, protect personal property or safety, protecting our rights and the rights of others, and to exercise, establish, or defend legal claims.
Cookie Policy
Some of your information may be collected by us using cookies and similar tracking technology. Please see our Cookie Policy for more information about the types of cookies we use or click “Cookie Settings” (link located in the footer of our website) to set your preferences.
How we Disclose your Personal Data
There are certain circumstances in which we may disclose, transfer, share, grant access to, or make accessible your Personal Data with certain third parties (“Third Parties”) as set forth in this Policy. These Third Parties can be categorized as follows:
1. Our affiliates. We may share your Personal Data with our parent companies, subsidiaries and/or affiliates for purposes consistent with this Policy, and they will process your Personal Data in accordance with this Policy.
2. Our professional advisors. We may share your Personal Data with our professional advisors, including our lawyers, bankers, auditors and insurers who provide consultancy, legal, banking, auditing, insurance and accounting services to us. Our professional advisors are subject to appropriate obligations of confidentiality (whether contractual or statutory) with respect to Personal Data.
3. Our service providers. We use third-party companies, vendors, agents, partners, and contractors (“Service Providers”) to perform services or business-related functions on our behalf or to assist us, including with the provision of our products and services. We may share your Personal Data with such Service Providers as necessary for them to perform or provide services on our behalf. For example, we engage Service Providers to provide data hosting, payment processing, marketing, online advertising, communications, infrastructure and IT services, call recording and transcription, research and analytics, customer service and support, surveys, data enhancement, fraud prevention, website analytics, CRM services, network and information security and technical support. Service Providers are contractually bound to implement appropriate security measures to protect the Personal Data in their possession and to process the Personal Data consistent with this Policy. Service Providers are not authorized to use or disclose your Personal Data for their own purposes and are contractually bound to process Personal Data only as necessary to perform or provide services on our behalf and in accordance with our documented instructions. These third-party service providers and advisors may use Personal Data we provide to them only as instructed by BlackLine. Moreover, service providers may also deliver artificial intelligence and generative artificial intelligence capabilities to analyze data, determine trends, make predictions and create AI-generated responses or other content for the purposes and pursuant to the legal bases described herein.
4. Our organizers, hosts and sponsors. We may share your Personal Data with organizers, hosts, partners and sponsors (collectively, “Sponsors”) when you register for, attend or take part in a program, Event or Sweepstakes associated with such Sponsors. For example, at an Event, if you choose to visit a Sponsor’s booth/space/session (including a virtual space/booth/session), then we may disclose your Personal Data, such as your contact information and interests in these offerings or services, to the associated Sponsor to communicate with you. In these circumstances, such information will be subject to such Sponsor’s privacy statement. We are not responsible for the privacy or data security practices of such Sponsors, which may differ from those explained in this Policy. You should refer to the Sponsor’s privacy policy and direct any privacy or data security questions directly to them.
5. Our partners. We may disclose your Personal Data to third-party partners that offer supplementary services to those provided by us, to the extent you consent to such sharing (where required by applicable law).
6. Your organization. We may share your Personal Data with your organization (to the extent your account or use of our products or services is associated with such party’s contract for our products and services) for purposes consistent with this Policy. For example, we may share a list of individuals attending a BlackLine event, share a list of individuals completing BlackLine training, or disclose inquiries from end users that should be addressed directly by the organization rather than BlackLine.
7. BlackLine Community and other program users. If you participate in any of our online communities or programs (e.g., BlackLine Community or Partner Portal), we may disclose your public profile information to other online community or program members, as well as any other information you choose to provide or make public.
8. Advertising Partners. As is common practice among companies that operate online, we may share limited Personal Data with certain third parties, including non-affiliated business partners, advertising networks, analytics providers and other advertising providers (“Advertising Partners”) for purposes of targeting advertisements on BlackLine and non-BlackLine websites. Advertising Partners may follow your online activities over time and across different websites or other online services by collecting certain data through automated means, including through the use of cookies. These technologies may recognize you across the different devices you use. We allow certain Advertising Partners to collect Personal Data from our websites using cookies, web beacons, mobile advertising identifiers and other technologies. These Advertising Partners use this information to display online advertisements tailored to your interests and preferences across your browsers and devices and to conduct ad campaign measurement and website analytics. We do not use information collected from our mobile app, BlackLine Community, Partner Portal or Hosted Service for such targeted advertising. We do not control the types of information collected and stored by these third-party cookies, web beacons, mobile advertising identifiers and other technologies. You should refer to the third-party's website for more information on how they use cookies. To learn more about targeted advertising and advertising networks, please visit the opt-out pages of the Network Advertising Initiative, here, and the Digital Advertising Alliance, here. You may also opt-out by using these services: https://optout.networkadvertising.org/ or https://optout.aboutads.info/ (or if located in the European Union, by clicking here: http://www.youronlinechoices.eu/). Please note this does not opt you out of being served advertising, you will continue to receive generic ads.
9. Business transactions. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities, your Personal Data may be shared or transferred, subject to standard confidentiality arrangements.
10. Other third-party disclosures. We may share your Personal Data: (i) at your direction or with your consent, (ii) if required to do so by law in order to, for example, respond to a subpoena or request from law enforcement, a court or a government agency (including in response to public authorities to meet national security or law enforcement requirements) or (iii) in the good faith belief that such action is necessary to: (a) comply with a legal obligation, (b) protect or defend our rights, interests or property or that of our employees, agents, end users, customers and other third parties, (c) prevent or investigate possible wrongdoing in connection with our products and services, (d) enforce our terms and conditions, policies and agreements, (e) act in urgent circumstances to protect the personal safety of you, other individuals or the public or (f) protect against legal liability. We may also ask for your consent to disclose your Personal Data to other unaffiliated third parties that are not described elsewhere in this Policy.
How we Protect your Personal Data
We use appropriate technical and organizational measures to protect your Personal Data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. Such measures take into account the nature of the Personal Data and the processing, and the threats posed. While we endeavor to implement generally accepted security measures, no method of storage or transmission is 100% secure. You are responsible for maintaining the security of your password or other forms of authentication involved in accessing password-protected or secured resources. In the event of a security incident, we will notify regulators and/or you as required by applicable laws and regulations. Such notice may come in the form of an e-mail, postal mail, in-app notification or an electronic notice posted online or through our products and services.
How we Transfer your Personal Data Internationally
We collect information globally and may transfer, process, and store your Personal Data outside of your country of residence, to wherever we or the third parties set forth in “How we Disclosure your Personal Data” operate for the purpose of providing you the Hosted Service and for the purposes set forth in this Policy. Your Personal Data may be processed outside your jurisdiction, including, without limitation, in the United States. For example, since our headquarters are based in the United States, your Personal Data may need to be transferred there. These countries may not have the same data protection laws as the country from which you provide your Personal Data. BlackLine operates as a global business and complies with applicable legal requirements when we need to transfer, store, or process your Personal Data in a country outside your jurisdiction.
Whenever we transfer your Personal Data, we take appropriate safeguards to protect your privacy, your fundamental rights and freedoms, and the ability to exercise your rights. For example, if we transfer Personal Data from the EEA, the UK, or Switzerland to another country such as the United States, we will implement an appropriate data transfer solution such as relying on an adequacy decision or entering into “standard contractual clauses” approved by the European Commission or competent governmental authority (as applicable) with the data importer. For more information, see below.
Data Privacy Framework.
BlackLine, Inc. and BlackLine Systems, Inc. comply with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce (collectively, “DPF Principles”) and relies on the DPF Principles as a legal basis for transfers of Personal Data from the EU to the United States, the UK to the United States and Switzerland to the United States. To learn more, visit our Data Privacy Framework Notice here.
How we Retain your Personal Data
We retain Personal Data for a period of time consistent with the original purpose of collection or as long as required to (i) comply with a legal obligation, (ii) protect or defend our rights, interests or property or that of our employees, agents, members, customers and other third parties, (iii) prevent or investigate possible wrongdoing in connection with our products and services, (iv) enforce our terms and conditions, policies and agreements, (v) protect against legal liability or (vi) pursue legitimate interests or essential business purposes.
We determine the appropriate retention period for Personal Data on the basis of the length of time we have an ongoing relationship with you (e.g., for as long as you have an account with us or keep using our products and services), the amount, nature, and sensitivity of the Personal Data being processed, the potential risk of harm from unauthorized use or disclosure of the Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal obligations. When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
Your Privacy Rights
Depending on where you are located and how you interact with us, you may have certain legal rights over the Personal Data we hold about you, subject to local privacy laws. These may include the right, depending on your jurisdiction, to:
Obtain confirmation as to whether or not your Personal Data is being processed by us, and where that is the case, access to such Personal Data (and related details);
Obtain rectification of inaccurate Personal Data and to have incomplete Personal Data completed;
Obtain erasure or deletion of your Personal Data;
Obtain restriction of our processing of your Personal Data or object to processing of your Personal Data;
Receive your Personal Data in a structured, commonly used and machine-readable format and to transmit such data to another controller where feasible;
Know about the existence of Automated Decision-Making and to not be subject to Automated Decision-Making. Currently, we do not make any decisions based solely on automated processing, which produces legal effects (“Automated Decision-Making”). In the event our position changes, we will update this Policy and inform you as required by applicable data protection laws;
Withdraw your consent at any time, to the extent we rely on your consent as the legal basis for processing your Personal Data (without affecting the lawfulness of the processing based on such consent prior to your withdrawal or processing based on reliance on a legal basis other than consent);
Lodge a complaint with the applicable supervisory authority;
Opt-out of the sale or sharing of Personal Data for targeted advertising. Although this is a right in certain jurisdictions, we do not sell Personal Data to third parties in exchange for money, and
Obtain additional information about the suitable safeguards and means we rely upon with regard to international transfer of Personal Data as described in the section with the heading “How We Transfer Your Personal Data Internationally” above.
You will not be discriminated against for exercising any of your rights described in this Policy. Please note that these rights may be subject to further conditions, limitations and/or exemptions under applicable data protection laws. If any of the rights listed above are not provided under law for your jurisdiction, we have absolute discretion in providing you with these rights.
Children. If you’re under the age of 16, or such other applicable age of consent for privacy purposes in relevant individual jurisdictions, you have the right to opt-in to certain disclosures of your Personal Data to third parties. Our websites and services are not directed at children. We do not knowingly collect Personal Data from children under the age of 13. We do not knowingly collect Personal Data of children between 13-18 unless we have obtained consent from a parent or guardian, or such collection is subject to a separate agreement with us or the visit by a child is unsolicited or incidental. We do not have actual knowledge that we sell or share Personal Data for targeted advertising under 16 years of age. If you believe we have mistakenly or unintentionally collected Personal Data of a minor without appropriate consent, please contact us by using the information in the Section of this Policy with the heading, “Contact Us” and we will take steps to delete their Personal Data from our systems.
Exercising Your Privacy Rights and Choices
To exercise your rights with respect to Personal Data covered by this Policy, please follow the steps outlined below or contact us by using the information below in the Section of this Policy with the heading, “Contact Us.”
Please note that to protect Personal Data, we may verify your identity by a method appropriate to the type of request you are making. Depending on your request, we will ask for information such as your name and your email address. Depending on where you reside, you may be entitled to empower an “authorized agent” to submit requests on your behalf. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity and authority, in accordance with applicable laws, to protect your Personal Data. We may deny a request from an agent that does not submit proof that they have been authorized to act on your behalf.
Depending on your location and applicable laws, we will respond to your request to change, correct, or delete your data within a reasonable timeframe and notify you of the action we have taken. We will respond within the time frame permitted by applicable law. In some instances, your rights may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights.
If you are a customer, prospect, or otherwise interact with a BlackLine customer that uses our Hosted Service and would like to access, correct, amend or delete your data controlled by the customer, please contact the relevant customer directly. BlackLine acts as a processor for our customers in most cases and will work with our customers to fulfill these requests when applicable.
1. Unsubscribe from Marketing Communications. We may send you marketing communications about our products and services, including via email and text message. If we process your Personal Data for the purpose of sending you marketing communications, you can manage your preferences in a number of ways. To opt out of email marketing communications, you can use the unsubscribe function in any email you receive from us or contact us using the information in the “Contact Us” section of this Policy, below. Opt-out requests can take up to ten (10) business days to be effective. To opt out of text messages, you can reply “STOP” to any SMS messages you receive from us. Please note that opting out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as transactional communications about your account or event registrations, operational or service messages, security alerts, invoices and updated policies or terms and conditions.
2. Opt-out of Targeted Advertising. You may opt out of targeted advertising cookies (aka Targeting Cookies) by clicking “Cookie Settings” (link located in the footer of our website) See our Cookie Policy for more information. This opt-out is specific to the browser on the device, so you will need to opt out again if you: 1) later clear your cookies, or 2) visit this site from a different browser or device.
3. Do Not Sell my Personal Data. We do not sell Personal Data in exchange for monetary consideration in the conventional sense. We share Personal Data (in the form of identifiers and internet activity information) with our third-party advertising partners for targeted advertising as described in the Section of this Policy with the heading, “How We Disclose Your Personal Data”. If you would like to opt-out, you can click “Do Not Sell or Share My Personal Information” or “Cookie Settings” (link located in the footer of our website). This opt-out is specific to the browser on the device, so you will need to opt out again if you: 1) later clear your cookies, or 2) visit this site from a different browser or device. If you would like to opt-out of shares using other identifiers (like email address), please refer to the Section of this Policy with the heading, “Contact Us”.
4. Lodge a Complaint with a Data Protection Authority. Depending on your location, and applicable laws, you may have the right to complain to a data protection authority about our collection and use of your Personal Data. If you believe that we have not been able to assist with your complaint or concern, and you are located in the European Economic Area, the United Kingdom or Switzerland, you have the right to lodge a complaint with your local data protection authority. Information about how to contact your local data protection authority is available here. Contact details for data protection authorities in the EEA are available on the European Data Protection Board member page here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner’s Office (https://ico.org.uk/global/contact-us/) and the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/address.html), respectively. If you are a resident of Australia and you are not satisfied with our handling of a complaint or do not agree with the resolution proposed by us, you may make a complaint to the Office of the Australian Information Commissioner (“OAIC”) by contacting the OAIC using the methods listed on their website.
California Privacy Rights
This section applies only to California consumers. For purposes of this section "Personal Information" has the meaning given in the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, the “CCPA”). It describes how we collect, use, and share California consumers' Personal Information in our role as a business, and the rights applicable to such residents.
1. Categories of Personal Data. As described in this Policy, we have collected the following statutory categories of Personal Information in the past twelve (12) months: (i) Identifiers, such as name, e-mail address, mailing address, and phone number. We collect this information directly from you or from third party sources. (ii) Commercial information. We collect this information directly from you. (iii) Internet or network information, such as browsing and search history. We collect this information directly from your device. (iv) Geolocation data, such as IP address. We collect this information from your device. (v) Financial information, such as payment information or financial account numbers in the process of providing you with our products and services. We collect this information from you. (vi) Professional data, such as your job title and company. (vii) Inferences drawn from any of the above categories, alone or in combination. (viii) Other Personal Data as described in this Policy.
The business and commercial purposes for which we collect this information are described in this Policy. The categories of third parties to whom we "disclose" this information for a business purpose are described in the “How We Disclose Your Personal Data” section of this Policy. The period of time for which we retain this information is described in the “How We Retain Your Personal Data” section of this Policy.
2. Financial Incentives. We may offer you certain financial incentives permitted by the CCPA. Please review our CCPA Financial Incentives Notice for more information.
3. Do Not Sell or Share my Personal Information. The CCPA requires businesses to disclose whether they “sell” or “share” Personal Information, as those two terms are defined by the CCPA. As a business covered by the CCPA, we do not sell Personal Information in exchange for monetary consideration in the conventional sense. We share Personal Information (in the form of identifiers and internet activity information) with our third-party advertising partners for cross-context behavioral advertising. If you would like to opt-out, you can click “Do Not Sell or Share My Personal Information” or “Cookie Settings” (link located in the footer of our website) or turn on a Global Privacy Control in your web browser or browser extension. This opt-out is specific to the browser on the device, so you will need to opt out again if you: 1) later clear your cookies, or 2) visit this site from a different browser or device. Please see the California Privacy Protection Agency’s website at https://oag.ca.gov/privacy/ccpa for more information on valid Global Privacy Controls. For instructions on how to download and use GPC, please visit https://globalprivacycontrol.org. If you would like to opt-out of shares using other identifiers (like email address), please refer to the Section of this Policy with the heading, “Contact Us”.
4. Sensitive Personal Information. The CCPA grants you the right to limit the use of “sensitive personal information” (as defined in the CCPA). This means that you have the right to direct businesses to only use your sensitive personal information for limited purposes. We only collect sensitive personal information (such as your payment information), as defined by applicable laws for the purposes allowed by law or with your consent. We do not collect or process sensitive personal information for the purpose of inferring characteristics about you.
5. Do Not Track. While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform and there is no common standard adopted by industry groups, technology companies or regulators. Therefore, we currently do not participate in any "do not track" or “DNT” frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your Personal Data.
6. Shine the Light. California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our websites that are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. Our disclosure requirements apply only if we share your Personal Data with third parties for them to directly market their own products or services to you, instead of assisting us with our own business. To make such a request, please contact us by using the information in the Section of this Policy with the heading, “Contact Us”.
Changes to this Privacy Policy
From time to time, we will update or modify this Policy, in our sole discretion, to reflect changes in legal and regulatory requirements and our business practices. The updated Policy will be posted to this website with a change to the “Last Updated” date (located at the top of this Policy). We encourage you to review this page periodically to stay informed, especially before you provide Personal Data. In circumstances where we make updates or modifications to this Policy that materially alter your privacy rights, we will provide additional notice, such as via email or with in-service notifications, as required by law. The updated Policy will take effect immediately after being posted or as otherwise notified by us. Your continued relationship with us or your continued use of our website, products or services after any such updates take effect will constitute acknowledgement and (as applicable) acceptance of the updated Policy.
Contact Us
If you have any questions about this Policy, or wish to exercise your rights, please submit your request to [email protected]. You may also contact us at the mailing address below:
BlackLine Systems, Inc.
21300 Victory Blvd., 12th Floor.
Woodland Hills, CA 91367
Attn: Data Protection Officer
When you contact us, please indicate in which country and/or state you reside.
The data controller is BlackLine Systems, Inc., or its affiliate. We have appointed a data protection officer who is responsible for overseeing questions in relation to this Policy and is responsible for our compliance with applicable data protection laws. Our data protection officer can be reached at [email protected].
If you are unable to access this Policy due to a disability or any physical or mental impairment, please contact us at [email protected] and we will arrange to supply you with the information you need in an alternative format that you can access.