Privacy Policy

BlackLine Privacy Policy


Effective 10/23/2023


We operate a Software-as-a-Service (SaaS) business model typically for enterprise customers where we sell subscriptions to our products and services. The “Hosted Service” shall mean our SaaS products and services, as defined in our Master Subscription Agreement (“MSA”). This Privacy Policy (“Policy”) describes how we collect, use, share and otherwise process information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you (“Personal Data”), and explains your related rights regarding our processing of your Personal Data. Personal Data does not include information that is publicly available, de-identified, aggregated, or otherwise exempted by applicable data protection laws. Such information is not subject to the terms of this Policy. A reference to “BlackLine,” “we,” or “us” is a reference to BlackLine Systems, Inc., 21300 Victory Blvd 12th Floor, Woodland Hills, CA 91367 and the relevant subsidiary or affiliate involved in the processing activity.


Table of Contents:

1.      What our Privacy Policy Covers

2.      How We Collect and Use your Personal Data

a.      Personal Data Provided by You

b.      Personal Data Collected Automatically

c.       Personal Data Obtained from Other Sources

3.      Cookie Policy

4.      How We Disclose your Personal Data

5.      How We Protect your Personal Data

6.      How We Transfer your Personal Data Internationally

a.      EU-U.S. Data Privacy Framework

7.      How We Retain your Personal Data

8.      Your Privacy Rights

9.      Exercising Your Rights

10.  Additional Rights and Disclosures

11.  Changes to this Privacy Policy

12.  Contact Us


Download/print a copy of this Policy (printer-friendly PDF)


What our Privacy Policy Covers

Some data protection laws in various jurisdictions distinguish between “controllers” and “processors” of Personal Data. While other jurisdictions may use different terminology, the concept typically remains the same. A controller decides why and how to process Personal Data. A processor only processes Personal Data on behalf of a controller based on the controller’s instruction; the processor does not make decisions about Personal Data. BlackLine may be either a controller or a processor, depending on the scenario. BlackLine may act as a joint controller with its European affiliates for the Personal Data of EU individuals.


This Policy only applies when BlackLine is the data controller of your Personal Data, and explains how BlackLine collects, uses, and shares your Personal Data for its own purposes. For example, this Policy covers when you:

  • Visit a BlackLine website that links to this Policy;

  • Visit our branded social media pages;

  • Visit a BlackLine office;

  • Interact with BlackLine as a representative of a company that has an account with BlackLine (e.g., you are our customer, partner, service provider or our supplier);

  • Use our products and services where we act as a controller of your Personal Data;

  • Register for, attend or take part in a BlackLine event, webinar, program, training or certification;

  • Register for, attend or take part in a BlackLine contest, giveaway or sweepstakes;

  • Participate in surveys, research or other similar data collection facilitated by us; and

  • Receive a communication from us (e.g., a sales or marketing communication) or otherwise communicate with us, including emails, telephone calls, texts, faxes or chatbot.


Customer Data: Our customers control the data they put into our products and services (“Customer Data”) and how it is used. This Policy does not cover how we process Personal Data on behalf of our customers and partners as a processor. This Policy does not cover Customer Data, including any Personal Data contained in it. If you are an employee, contractor, consultant, intern, student, or a job applicant of an organization that uses a BlackLine product or service and you have questions or concerns about the Personal Data your organization holds in BlackLine about you (when BlackLine is a processor), please direct your request to that organization. BlackLine cannot respond directly to your request. We are not responsible for the privacy or data security practices of our customers and partners, which may differ from those explained in this Policy.


Employees and Job Applicants: If you are a BlackLine employee or job applicant, information about how we use and protect your Personal Data is communicated to you in a separate statement.


Third Party Links: Our websites and services may contain links to other websites, applications, platforms and services maintained by third parties. The information practices of these third parties, including the social media platforms that host our branded social media pages, are governed by their privacy statements, which you should review to better understand their privacy practices.


How we Collect and Use your Personal Data

BlackLine collects and uses Personal Data for various reasons. When we do so, we will use it in accordance with applicable laws.


Some jurisdictions, including the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland, require a legal basis—a reason why BlackLine is legally allowed to collect and use your Personal Data.


Below, we describe (1) in what instances we collect your Personal Data, (2) the categories of Personal Data we collect in those instances, (3) our purposes for collection, and (4) the legal bases for collection. If we need to collect other Personal Data from you, we will explain which information we need and why at the time we collect it.


Where you have entered into a contract with us, we will use your Personal Data for the performance of such contract. If we do not have a contract directly with you, or otherwise obtain your consent (e.g., where you have opted-in to email marketing), we may rely on our legitimate interests for the other purposes described in this section. In some cases, we may have a legal obligation to process your Personal Data, such as in response to a court or regulator order or to comply with applicable laws. We also may need to process your Personal Data (i) to protect vital interests, (ii) for research and analytical purposes, (iii) for auditing purposes, (iv) to aggregate it to ensure that it is no longer identifying, and (v) to exercise, establish, or defend legal claims.


A.   Personal Data Provided by You

Sometimes, we may ask you to provide Personal Data voluntarily (e.g., we may ask you to provide your contact details to create an account with us, to subscribe to marketing communications from us, and/or to submit inquiries to us). In some cases, we combine the Personal Data you provide.

The Personal Data we collect directly from you may include identifiers, professional or employment-related information, financial account information, commercial information, visual information, internet activity information, among others. We collect such information in the following situations:


1. When you request information from us or to receive communications from us. When you fill out a contact form or otherwise contact us, including to express interest in obtaining information about BlackLine or our products and services, we may ask you to provide us with your contact information such as name, business email, telephone number, company name, job level or title, functional role, and address. You may have the option of engaging in a “live chat” or other form of interactive communication with us, during which BlackLine (or our third-party service provider acting on our behalf) may collect a record of information disclosed by you. The purpose for processing such Personal Data includes:

·      Fulfilling your request and communicating with you, and

·      Providing you with information about our products, services and events, in accordance with your marketing preferences (including marketing calls and marketing emails).


2. If you are our customer or partner. If you are a representative of a company that has an account with BlackLine, we collect your business contact information including your name, business email, telephone number, country, job level or title, functional role, and company name. If you contact BlackLine for support related to your organization’s use of our products, services, or events, we will also collect information about the reason for your inquiry and any other information you choose to provide to us. The purpose for processing such Personal Data includes:

  • Communicating with you and fulfilling your request for BlackLine support,

  • Managing your organization’s account, including invoicing and other account-related issues, and

  • Providing you with information about our products, services and events, in accordance with your marketing preferences (including marketing calls and marketing emails).


3. If you are our service provider or supplier. If you are a representative of a company that provides BlackLine with products or services, we collect your business contact information including your name, business email, telephone number, country, job level or title, functional role and company name. The purpose for processing such Personal Data includes:

  • Managing your organization’s account, including invoicing and other account-related issues, and

  • Communicating with you and respond to your inquiries.


4. If you are an end user of a BlackLine-owned account. Typically, when you use the Hosted Service or other BlackLine product, service or program through your employer or another BlackLine customer, your account is controlled and owned by that organization. In some circumstances, you may register for an account directly with BlackLine rather than through your organization—for example, if you register for an account to access BlackLine Community, Champion Rewards, Partner Portal, Optimization Academy, training or certification. In those cases, we collect the account registration information you give us (for example, your name and email), your profile information (for example, your company name, job title, phone and address) and your account log-in in combination with any required security or access code, password, or credentials for allowing access to your account with us. In some cases, you may have the option to personalize your account with additional information such as a photo, a social media profile, or other Personal Data. For services that require it, we also will collect authentication information, such as mobile number, email address, or other unique verification identifiers. If you sign up for a BlackLine training or learning course covered by this Policy, we may collect the account registration information, as well as enrollment and attendance information (including when your registration is paid for by a BlackLine customer or partner). If applicable, we may also collect payment information directly from you. If you subscribe to our Trust site or Hosted Service notifications, we may collect your name, email and mobile number. The purpose for processing such Personal Data includes:

  • Providing, maintaining, supporting, improving, and securing the Hosted Service or other BlackLine-owned account (e.g., diagnosing and responding to technical or service problems; analyzing and measuring user behavior and trends; to understand how users use the Hosted Service; for service improvement; for research and development purposes),

  • Managing your user account in accordance with the applicable terms and conditions and identifying any violations of any applicable terms and conditions,

  • Ensuring that you can log in to use the Hosted Service or other BlackLine-owned account (e.g., authentication purposes), and access information you need securely and efficiently,

  • Delivering requested resources or services to you,

  • Sending you operational communications (e.g., to notify you of any maintenance), communicating with you about your use of the Hosted Service or other BlackLine-owned account, providing any legally or contractually required notices (e.g., notice of a new sub-processor or updates to this Policy), and to notify you of any important news regarding BlackLine’s Hosted Service or other BlackLine-owned account,  

  • Responding to communications from you and fulfilling your request for BlackLine support,

  • Managing your organization’s account, including invoicing, processing payments and other account-related issues,

  • Identifying potential customer opportunities and potential product improvements or future product developments for our products and services,

  • Providing you with e-mail or SMS messages about our Trust site or Hosted Service notifications if you subscribed to receive such notifications (you can unsubscribe at any time excluding e-mail notifications that are operational notifications regarding BlackLine and our products and services),

  • Providing you with surveys and questionnaires regarding BlackLine and our products and services,

  • For internal reporting and business modeling purposes (e.g., forecasting, revenue, financial reporting, capacity planning, product strategy, commission for BlackLine employees), and

  • Providing you with information about our products, services and events, in accordance with your marketing preferences (including marketing calls and marketing emails like newsletters, promotions, special offers, educational webinars, best practice summits, make product recommendations we think may interest you, etc.).


5. If you register for BlackLine events and webinars. When you register for a conference, forum, seminar, workshop, webinar or event, whether taking place virtually or in-person (collectively, an “Event”), we may ask you to provide us with your contact information such as your name, job title, company name, address, country, phone number and email address; your health and safety information such as your emergency contact and your dietary preferences; photos and videos of you taken at the Event; and your billing information such as your billing name, billing address, and credit card number. If you use a BlackLine event-related mobile application, we may also collect additional information from your device, such as your photos, contacts, or geolocation data, in accordance with your device’s privacy settings. The purpose for processing such Personal Data includes:

Managing, organizing, planning, supporting, hosting and securing the Event, including sending related communications and for our internal reporting purposes,

  • Invoicing and processing payments,

  • Improving our future Events and our mobile application,

  • Improving or enhancing your (or your organization’s) experience interacting with BlackLine, and

  • Providing you with information about our products, services and events, in accordance with your marketing preferences (including marketing calls and marketing emails).


6. If you participate in research with us or otherwise provide us with feedback. When you participate in or register for a BlackLine study, survey, panel, panel pool, or voluntarily submit certain information to us such as providing BlackLine with feedback about our products and services, we may ask for your name, email address, telephone number, address, company, employment status, tenure, role, job information, gender, age group, and other information relevant to the study. For certain studies, we may also take photos, videos, or audio recordings (with your permission and in accordance with applicable laws). The purpose for processing such Personal Data includes:

  • Fulfilling the purpose set out in the study or survey,

  • Improving your (or your organization’s) experience interacting with BlackLine,

  • Identifying the BlackLine research studies best suited to you based on your attributes and invite you to participate via email,

  • Identifying potential product improvements or future product developments for our products and services,

  • Contextualizing your feedback and experience with our products and services so that we can improve them, and

  • Improving how we conduct research.


7. If you participate in a sales call or online meeting with BlackLine. We may record sales phone calls and online meetings (including audio and video content where applicable) for training, quality assurance, and administration purposes. This includes analyzing the content of such calls and online meetings using AI-powered tools to gain better insights into our interactions with our customers and prospects. We will always notify you before a call will be recorded and will obtain your consent where required under applicable law. The purpose for processing such Personal Data includes:

  • Maintaining high-quality sales calls and engagements with prospects and customers,

  • Providing training and coaching to our sales teams,

  • Generating automated call transcripts,

  • Keeping our records up to date (for example, in relation to follow-up meetings, sales opportunities, and updating customer contact details), and

  • Improving our sales processes and make our sales calls more impactful.


8. If you visit a BlackLine office. We may ask you to register as a visitor and to provide us with your contact information such as your name, job title, company name, country, phone number and email address. We may use security technologies, such as security cameras, to enhance the physical security of our offices thereby collecting your image or video. If you use our guest wireless network, we may also log information about your use of that service. The purpose for processing such Personal Data includes:

  • Maintaining and enhancing the physical security of our offices,

  • Performing network administration, analysis, troubleshooting, and other operational purposes.


9. If you register for a BlackLine sweepstakes. When you register for a contest, giveaway, or sweepstakes (collectively, “Sweepstakes”), we may ask you to provide us with your contact information such as your name, job title, company name, country, phone number and email address. If you are a winner of a Sweepstakes, we may ask you for your mailing address and information needed for tax purposes. The purpose for processing such Personal Data includes:

  • Providing, managing, organizing, and planning the Sweepstakes, including sending related communications, processing prizes and for our internal reporting purposes,

  • Improving or enhancing your (or your organization’s) experience interacting with BlackLine, and

  • Providing you with information about our products, services and events, in accordance with your marketing preferences (including marketing calls and marketing emails).


B.    Personal Data Collected Automatically.

We also collect certain information related to your use of our websites. In some jurisdictions (including in the United States and countries in the EEA, the UK, and Switzerland), this information may be considered Personal Data under applicable data protection laws. We may combine this information with Personal Data provided by you. The Personal Data we collect automatically from you includes identifiers, commercial information, internet activity information and inferences about preferences and behaviors. In particular, we collect the following Personal Data from you automatically:


1. When you access our websites or content. When you visit our websites, we collect information about your device and your usage. The information collected may include your IP address, device type, unique device identification numbers, browser type, broad geographic location (for example, country or city-level location based on your public IP address), performance, and other usage and technical information. We also collect information about how you interact with our websites (for example, referring web page, pages visited, features used), emails, content, or other features (for example, when you open a marketing email or click on an embedded link, or if you watch videos on our site, or interact with/message using our chat function). Some of this information may be collected using cookies and similar tracking technology, as further explained in our Cookie Policy. The purpose for processing such Personal Data includes:

Providing, supporting, operating, maintaining, and improving our websites, including diagnosing technical problems, providing access to content you have requested and displaying country-specific information,

  • Providing you with information about our products, services and events, in accordance with your marketing preferences,

  • Showing you ads on third-party websites that are more relevant to you with your consent,

  • Better understanding the visitors who come to our websites, where they come from, and what content on our website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our websites to our visitors, and

  • Protecting the security and preventing misuse of our websites and services by tracking use of our websites and services, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies.


2.When you use the BlackLine mobile application. When you use our mobile app, we collect certain information from your device (e.g., your device make, model, and memory). Our application will assign a unique identifier to your device to help us improve the performance of our applications. The purpose for processing such Personal Data includes:

  • Detecting crashes, undertake troubleshooting, and understand and improve end-user experience with our mobile applications, and

  • Remotely enabling or disabling features within the mobile application.


3. If you are an end user of a BlackLine product or service through a BlackLine customer or partner. When you use our products and services, we log certain systems usage information automatically. This information may include system-generated identifiers such as IP address, operating system type and version, whether service tasks and notifications complete, date and time stamps, and details about which of our products you are using. We do not identify you from this systems usage information unless you or your organization first provides us with instructions to do so, and provides us with certain information about your end-user account. This may happen in the context of a customer support request (e.g., when you or your organization ask us to help you resolve an issue you are having with our products and services). The purpose for processing such Personal Data includes:

  • Providing, maintaining, supporting, improving, and securing the Hosted Service or other BlackLine-owned account (e.g., diagnosing and responding to technical or service problems; analyzing and measuring user behavior and trends; to understand how users use the Hosted Service; for service improvement).

  • Assessing and analyzing your (and your organization’s) experience interacting with our products and services,

  • Undertaking research and development in light of this assessment in order to improve performance of the services, and

  • Maintaining BlackLine’s own security and preventing misuse of our services, including enforcing our terms and policies, investigating, detecting and preventing suspicious activity, fraud and cybercrime that may affect BlackLine or our products and services.


C.    Personal Data Obtained from other Sources

We also collect Personal Data about you from other sources including third party providers of business contact information as described in more detail below, individuals at your organization, referral partners, or publicly available sources. We may combine this information with Personal Data provided by you. If you believe that your Personal Data has been provided to us improperly or want to exercise your rights relating to your Personal Data, please contact us by using the information in the “Contact Us” section below.

The Personal Data we collect from other sources may include identifiers, professional and employment-related information, education information, commercial information, visual information, internet activity information and inferences about preferences and behaviors. Specifically, we collect Personal Data from the following other sources:


1. From third-party providers of business contact information. BlackLine may collect business contact information about you from other sources including the co-sponsors of events attended by BlackLine, social media networks, our partners (e.g., marketing partners who provide us with information about potential customers of our business services, security partners who provide us with information to protect against abuse), and third parties from whom we have purchased business contact information. Business contact information may include: first name, last name, business email, telephone number, company name, job level, functional role, country, business street address, and online identifier, as well as previous employers and roles. The purpose for processing such Personal Data includes:

  • Providing you with information about our products, services and events, in accordance with your marketing preferences (including marketing calls and marketing emails),

  • Updating, expanding, and analyzing our records, and

  • Understanding our market and assessing and identifying new customers and potential customer opportunities.


2. From publicly accessible sources. In some circumstances, we may collect information about you from publicly accessible sources and websites, such as your company’s website, professional network services, public social media sites, or press releases. Such information may include: first name, last name, business email, telephone number, company name, job level, functional role, country, business street address, and online identifier, as well as previous employers and roles. We may combine this information with information we have collected about you from other sources. The purpose for processing such Personal Data includes:

  • Providing you with information about our products, services and events, in accordance with your marketing preferences (including marketing calls and marketing emails),

  • Updating, expanding, and analyzing our records, and

  • Understanding our market and assessing and identifying new customers and potential customer opportunities.


3. From your organization. We also may receive Personal Data about you from your organization (or your university, if applicable) for the purposes of obtaining or providing our products and services or to recommend individuals to participate in our research studies. For example, another individual at your organization may provide us with your business contact information so that we can give you access to training materials purchased by your organization, to grant you certain administrative privileges, or to aid the sales process. If your organization is a BlackLine supplier, your organization may also provide us with your name and email address so that we can contact you about the services your organization supplies to us. The purpose for processing such Personal Data includes:

  • Communicating with you about the goods and services provided, and

  • Managing your (or your company’s) account and providing the requested services to you or your company.


Cookie Policy

Some of your information may be collected by us using cookies and similar tracking technology, as further explained in our Cookie Policy.


How we Disclose your Personal Data

BlackLine may share, transmit, disclose, provide, grant access to, or make accessible your Personal Data to third parties as follows:

  • BlackLine Affiliates. To affiliates within the BlackLine group where necessary to fulfill the purposes described in this Policy, including, without limitation, to fulfill a request you have submitted or for customer implementation or support, marketing, technical operations, event registration, and account management purposes.

  • Service providers and professional advisors. To third-party service providers, vendors, or professional advisors (e.g., lawyers, auditors, and insurers) contracted to provide services on our behalf (e.g., IT and hosting, data analytics, billing, event services, customer support, call recording, research and analytics, marketing, Sweepstakes services, delivering surveys, delivering data enrichment, email fulfillment, payment services, consultancy, legal, insurance and accounting services). These third-party service providers and advisors may use Personal Data we provide to them only as instructed by BlackLine.

  • Your organization/employer/company/university. Where your organization is a customer or potential customer of BlackLine, we may disclose your Personal Data to relevant people within your organization. For example, we may share a list of individuals attending a BlackLine event, share a list of individuals completing BlackLine training, or disclose inquiries from end users that should be addressed directly by the organization rather than BlackLine.

  • BlackLine sponsors. When you participate in Events, Sweepstakes, and other activities where BlackLine collaborates with third parties (e.g., Event sponsors, partners and co-organizers) (“Sponsors”), we may disclose the Personal Data described under “if you register for events and webinars” and “if you register for a BlackLine sweepstakes” above, such as your contact information and interests in these offerings or services to these approved Sponsors to communicate with you. For clarity, if you choose to visit a Sponsor’s booth/space/session (including a virtual space/booth/session), then we may disclose the Personal Data described under “if you register for events and webinars” above, such as your contact information and interests in these offerings or services, to these approved Sponsors to communicate with you. In these circumstances, such information will be subject to such Sponsor’s privacy statement.

  • BlackLine partners. We may disclose your Personal Data to third-party partners that offer supplementary services to those provided by us, to the extent you consent to such sharing (where required by applicable law).

  • BlackLine Community and other program users. If you participate in any of our online communities (e.g., BlackLine Community, Champion Rewards, Partner Portal, Optimization Academy, training or certification), we may disclose your public profile information to other online community members, as well as any other information you choose to provide or make public.

  • Advertising. With third-party social media networks, advertising networks and websites, so that we can market and advertise on third party platforms and websites. When you visit a BlackLine website or use a BlackLine app that links to the BlackLine Privacy Policy (excluding the Hosted Service), with your consent we may enable third parties to use cookies and other trackers to show you ads on third-party websites that are more relevant to you in an effort to “re-market” our products and services to you. We only allow Targeting Cookies (as described in our Cookie Policywith your consent. Please see our Cookie Policy for more information about the types of cookies we use or click “Cookie Settings” (link located in the footer of our website) to set your preferences and opt-out of targeted advertising cookies (aka Targeting Cookies). We do not use information collected from our mobile app, Partner Portal or Hosted Service for “targeted advertising,” as that term is defined in data protection laws. For more information about targeted advertising, see the Sections, “Your Privacy Rights,” “Exercising Your Privacy Rights” and “Additional Rights and Disclosures” of this Policy.

  • Business transactions.If we go through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Data may be among the assets transferred, provided that we inform the actual or potential buyer (or its agents and advisors) that it must use your Personal Data only for the purposes disclosed in this Policy.

  • Additional disclosures. We will share Personal Data outside of BlackLine if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to: (a) meet any applicable law, regulation, legal processes, or enforceable governmental request; (b) enforce our agreements and policies; (c) detect, prevent, or otherwise address fraud, security, or technical issues; and/or (d) protect against harm to the rights, property, or safety of BlackLine, our customers, users, the public, or others as required or permitted by law. We may also ask for your consent to disclose your Personal Data to other unaffiliated third parties that are not described elsewhere in this Policy.


How we Protect your Personal Data

We use technical and organizational measures that provide a level of security appropriate to the nature of the Personal Data and the risks that are presented by processing your Personal Data. However, the security of information transmitted through the internet can never be guaranteed. You are responsible for maintaining the security of your password or other forms of authentication involved in accessing password-protected or secured resources.


How we Transfer your Personal Data Internationally

We collect information globally and may transfer, process, and store your Personal Data outside of your country of residence, to wherever we or the third parties set forth in “How we Disclosure your Personal Data” operate for the purpose of providing you the Hosted Service and for the purposes set forth in this Policy.  Your Personal Data may be processed outside your jurisdiction, including, without limitation, in the United States. For example, since our headquarters are based in the United States, your Personal Data may need to be transferred there. These countries may not have the same data protection laws as the country from which you provide your Personal Data. BlackLine operates as a global business and complies with applicable legal requirements when we need to transfer, store, or process your Personal Data in a country outside your jurisdiction.  


Whenever we transfer your Personal Data, we take appropriate safeguards to protect your privacy, your fundamental rights and freedoms, and the ability to exercise your rights. For example, if we transfer Personal Data from the EEA, the UK, or Switzerland to another country such as the United States, we will implement an appropriate data transfer solution such as relying on an adequacy decision or entering into “standard contractual clauses” approved by the European Commission or competent governmental authority (as applicable) with the data importer. For more information, see below.


Data Privacy Framework.

BlackLine, Inc. and BlackLine Systems, Inc. comply with the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce (collectively, “DPF Principles”) and relies on the DPF Principles as a legal basis for transfers of Personal Data from the EU to the United States, the UK to the United States and Switzerland to the United States. To learn more, visit our Data Privacy Framework Notice here.


BlackLine will rely on the Swiss-U.S. DPF as a legal basis to transfer personal data from Switzerland to the United States to the extent the applicable local authorities approve the adequacy decision. Otherwise, BlackLine relies on the SCCs for the purposes of Swiss data protection law.


How we Retain your Personal Data

We retain your Personal Data for as long as we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements). The criteria used to determine appropriate retention periods for Personal Data includes:

  • The length of time we have an ongoing business relationship with you,

  • The amount, nature, and sensitivity of the Personal Data we process, and

  • Whether we have a legal obligation to retain Personal Data or whether retaining Personal Data is necessary to resolve disputes, including the establishment, exercise, or defense of legal claims.

When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.


Your Privacy Rights

Depending on where you are located and how you interact with us, you may have certain legal rights over the Personal Data we hold about you, subject to local privacy laws.


These may include the right, depending on your jurisdiction, to:

  • Obtain access to your Personal Data that is being processed by us.

  • Know more about how we process your Personal Data, the categories of Personal Data collected, the categories of sources from which we got the Personal Data, and the categories of third parties with whom we’ve shared Personal Data.

  • Correct inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete.

  • Request the deletion of your Personal Data.

  • In some circumstances, object to the processing of your Personal Data, and ask us to restrict the processing of your Personal Data.

  • Request the portability of your Personal Data in a structured, commonly used, and machine-readable format.

  • Transfer your Personal Data to another controller, to the extent possible.

  • Withdraw your consent at any time (to the extent we base processing on consent). Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.

  • Not be subject to a decision based solely on automated processing, including profiling, which produces legal affects (“Automated Decision-Making”). BlackLine does not make decisions based solely on automated processing that produces legal or similarly significant effects as part of the processing activities covered by this Policy.

  • Opt-out of certain disclosures of your Personal Data to third parties.

  • Opt-out of the sale or sharing of Personal Data for targeted advertising. Although this is a right in certain jurisdictions, we do not sell Personal Data to third parties in exchange for money.

  • Not be discriminated against for exercising your rights as described above.


Exercising Your Privacy Rights

To exercise your rights with respect to information covered by this Policy, please contact us by using the information below in the Section of this Policy with the heading, “Contact Us.” BlackLine will take steps to verify your identity, including validating your name and the email you use when interacting with BlackLine. You may also authorize another person or third party to submit a request to exercise your rights by providing written permission in conjunction with the submission of the requested information or by giving the third party your power of attorney. We will acknowledge your request and provide a follow-up substantive response within a time period permitted by applicable law. In the event that BlackLine needs an extension to fulfill a request, we will notify you. If we deny your request, we will provide reasons for that denial.


No Discrimination for Exercising Your Privacy Rights. BlackLine will not discriminate against you, in any manner prohibited by applicable law, for exercising your rights specified in the Section of this Policy with the heading “Your Privacy Rights” above. If you are a prospective customer, we may offer you certain financial incentives permitted by the CPRA (as defined below). Please review our CCPA Financial Incentives Notice for more information.


Customer Data. If your Personal Data has been submitted to us by or on behalf of a BlackLine customer or partner and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer or partner directly.


Unsubscribe from Marketing Emails. You can opt-out of being contacted by us for marketing purposes by following the instructions in marketing emails we send to unsubscribe or by using the information in the “Contact Us” section of this Policy, below. Please note that opting-out of marketing communications does not affect your receipt of business or operational communications that are important to your interaction with BlackLine, such as communications about your subscriptions, service announcements, support/service communications, security updates, event registration updates or account management communications.


Opt-out of Targeted Advertising. You may opt-out of targeted advertising by clicking “Cookie Settings” below or by implementing the Global Privacy Control (GPC). For instructions on how to download and use GPC, please visit https://globalprivacycontrol.org. See our Cookie Policy for more information.


Lodge a Complaint with a Data Protection Authority. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the European Economic Area, the United Kingdom or Switzerland, you have the right to lodge a complaint with your local data protection authority. Information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner’s Office (https://ico.org.uk/global/contact-us/) and the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/address.html), respectively. If you are a resident of Australia and you are not satisfied with our handling of a complaint or do not agree with the resolution proposed by us, you may make a complaint to the Office of the Australian Information Commissioner (“OAIC”) by contacting the OAIC using the methods listed on their website.


Additional Rights and Disclosures


Children. If you’re under the age of 16, or such other applicable age of consent for privacy purposes in relevant individual jurisdictions, you have the right to opt-in to certain disclosures of your Personal Data to third parties. Our websites and services are not directed at children. We do not knowingly collect Personal Data from children under the age of 13. We do not knowingly collect Personal Data of children between 13-18 unless we have obtained consent from a parent or guardian, or such collection is subject to a separate agreement with us or the visit by a child is unsolicited or incidental. If you believe we have mistakenly or unintentionally collected Personal Data of a minor without appropriate consent, please contact us by using the information in the Section of this Policy with the heading, “Contact Us” and we will take steps to delete their Personal Data from our systems.


Selling and Sharing. For purposes of the California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2020 (collectively, the “CPRA”), a “sale” is the disclosure of Personal Data to a Third Party (as defined in the CPRA) for monetary or other valuable consideration, and a “share” is the disclosure of Personal Data to a Third Party for cross-context behavioral advertising (as defined in the CPRA), whether or not for monetary or other valuable consideration, subject to exemptions. We do not sell Personal Data to third parties in exchange for money or as “sell” is traditionally defined. In addition, under CPRA’s definitions and exemptions, we do not “sell” or “share” Personal Data to Third Parties. We do not have actual knowledge that we “sell” or “share” Personal Data under 16 years of age. Under other applicable data protection laws’ definition of “sell” and exemptions, we do not “sell” Personal Data to third parties.


Targeted Advertising. We may allow third parties to collect Personal Data from our sites or services if those third parties are authorized service providers who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal Data. In addition, we may share Personal Data (in the form of identifiers and internet activity information) with third party advertisers for purposes of targeting advertisements on non-BlackLine websites, applications and services, but only if you direct us to disclose your Personal Data to third parties. Such processing may qualify as processing Personal Data for purposes of targeted advertising, as the terms “process” and “targeted advertising” are defined in applicable data protection laws. To opt-out of targeted advertising, see the Section “Exercising Your Privacy Rights” in this Policy.


California Categories of Personal Data. California law requires that we detail the categories of Personal Data that we disclose for certain “business purposes,” such as to service providers that assist us with securing our services or marketing our products, and to such other entities as described in the Sections “How We Collect and Use Your Personal Data” and “How We Disclose your Personal Data” of this Policy. We disclose the following categories of Personal Data for our business purposes: identifiers, commercial Information, Internet activity information, financial information, professional and employment-related information, education information, geolocation data, audio and visual data, in limited circumstances where allowed by law information that may be protected characteristics under California or United States law; and inferences drawn from any of the above information categories.


California Sensitive Personal Information. The CPRA grants you the right to limit the use or disclosure of “sensitive personal information,” as that term is defined by the CPRA. We do not collect or process any such sensitive personal information for the purpose of inferring characteristics about you. Accordingly, we do not provide a mechanism for you to request that we limit our use or disclosure of sensitive personal information.


California Shine the Light. California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our websites that are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. Our disclosure requirements apply only if we share your Personal Data with third parties for them to directly market their own products or services to you, instead of assisting us with our own business. To make such a request, please contact us by using the information in the Section of this Policy with the heading, “Contact Us”.


Changes to this Privacy Policy

This Policy may be amended or revised from time to time at the discretion of BlackLine. Changes to this Policy will be posted on the website and links to the Policy will indicate that the statement has been changed or updated. If we propose to make any material changes, we will provide notice on this page, sending you an email notification, or if you subscribe to our products and services, via BlackLine’s products and services prior to the change becoming effective. We encourage you to periodically review this Policy for the latest information on our privacy practices.


Contact Us

If you have any questions about this Policy, or wish to exercise your rights, please submit your request to PrivacyRequest@blackline.com. You may also contact us at the mailing address below:


BlackLine Systems, Inc.
21300 Victory Blvd., 12th Floor.
Woodland Hills, CA 91367


Attn: Data Protection Officer


When you contact us, please indicate in which country and/or state you reside.

If you have a disability which prevents you from accessing this Policy, please contact PrivacyRequest@blackline.com to access this Policy in an alternative format.