Privacy Policy

Privacy Policy

General Information

This Privacy Policy is intended to provide a sense of security to every user of our website https://www.ibsc.pl and to users of our applications/extensions designed for Microsoft Dynamics 365 Business Central (collectively referred to as the “IBSC Services”).

This Privacy Policy applies solely to the website of IBSC Bank Serwis Sp. z o.o. Sp. k. and the software/extensions developed by this company. Our website may contain links to other websites and online services. We encourage you to review the privacy policies applicable to those websites after navigating to them.

We respect the privacy of users of our website and users of our applications. The security of our users is very important to us.

The operation of our IBSC Services complies with universally and strictly applicable legal provisions, as well as commonly adopted principles governing the functioning of online services and software, including in particular user security and the technical and organizational measures used to ensure such security.

We reserve the right to amend this Privacy Policy by appropriately modifying its provisions. However, any changes will not violate the fundamental principles of user security and privacy.

Using our IBSC Services constitutes acceptance of the terms of this Privacy Policy.

Information Clause (Website and Business Central Extensions)

The controller of personal data of users of the website https://www.ibsc.pl and users of our applications/extensions for Microsoft Dynamics 365 Business Central (collectively referred to as “Users”) is IBSC Bank Serwis Sp. z o.o. Sp. k., with its registered office in Bydgoszcz, ul. Chodkiewicza 38, 85-667 Bydgoszcz, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Bydgoszcz, 13th Commercial Division of the National Court Register, under KRS number 0000778866, NIP 967-14-26-423, REGON 382919030 (hereinafter referred to as “IBSC” or the “Controller”).

Users may contact the Controller via e-mail at: ODO@ibsc.pl or by phone at +48 52 32 04 010.

The Controller obtains information about Users as follows:

  • through data voluntarily provided by Users in the contact form available on the website (hereinafter referred to as the “Form”);
  • through the storage of cookies on Users’ end devices;
  • (Business Central extensions) through the automatic collection of technical telemetry data originating from our applications/extensions for Microsoft Dynamics 365 Business Central.

Personal data of Users is processed by the Controller lawfully, fairly, and transparently for the data subject. The legal basis for processing User personal data is either the User’s consent or an applicable provision of universally binding law, and in the case of telemetry — the Controller’s legitimate interest, described below. User consent is given by selecting the appropriate checkbox on the website or in another equivalent manner. Users may withdraw their consent at any time by submitting a statement withdrawing consent for personal data processing, for example by sending it to: ODO@ibsc.pl. Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.

Personal data of Users is processed, to the extent they have consented, for the following purposes:

  • responding to a User inquiry submitted via the Form,
  • providing Users with commercial information, marketing, promotion, and advertising of IBSC’s own products and services or those of third parties cooperating with IBSC,
  • facilitating User participation in webinars,
  • conducting recruitment,

and where processing is based on applicable legal provisions, for the following purposes:

  • taking action at the User’s request prior to entering into a contract with the User or performing a contract to which the User is a party.

(Business Central extensions) Additionally, based on the Controller’s legitimate interest (Article 6(1)(f) GDPR), we process limited telemetry data to ensure the proper functioning of our extensions, diagnose errors, monitor performance and stability, improve security, and develop functionality. For support requests, the legal basis may also be Article 6(1)(b) GDPR (performance of a contract).

User personal data will be stored for the period necessary to achieve the processing purposes described above, and thereafter for the period required to fulfill legal obligations that require the processing of User personal data.

Providing personal data by the User is voluntary but necessary for the achievement of the purposes described above.

Users have the right to request access to their personal data, rectification, portability, erasure, restriction of processing, and the right to object to processing.

Users have the right to lodge a complaint with the competent supervisory authority (data protection authority) regarding the processing of their personal data by the Controller.

Personal data may be disclosed to entities authorized to receive such data under applicable law, including relevant judicial authorities. Personal data may also be transferred — to the necessary extent and for the necessary period — to third parties designated by the Controller, including entities performing services on behalf of the Controller for the purposes described in this Privacy Policy.

Based on a User’s personal data, the Controller may make decisions resulting from automated processing, including profiling, if necessary for concluding or performing a contract between the User and IBSC. Profiling means processing personal data to assess certain User characteristics, particularly to analyze or forecast personal preferences, interests, reliability, behavior, or location. Such decisions are preceded by an assessment of their necessity, scope, and the need for automated processing results, including profiling, with consideration for the protection of User interests and privacy, to tailor the User’s predispositions to the needs of a contract with IBSC.

The Controller may log connection parameters via the website (timestamp, IP address).

Cookie Information

The website uses cookies.

Cookies are IT data, in particular text files, stored on the User’s end device and used for accessing the website. Cookies usually contain the name of the website they originate from, their storage duration, and a unique identifier.

The entity placing cookies on the User’s end device and accessing them is IBSC.

Cookies are used for the following purposes:

  • creating statistics to understand how Users use the website, enabling improvements to its structure and content;
  • maintaining a User session (after logging in), ensuring Users do not need to re-enter their login and password on each page.

The website uses two types of cookies:

  • session cookies — temporary files stored until logout, leaving the website, or closing the browser;
  • persistent cookies — stored for the time specified in their parameters or until manually deleted by the User.

Web browsers typically allow the storage of cookies by default. Users may change cookie settings, delete cookies, or configure automatic blocking. Details are available in browser documentation.

Blocking cookies may affect some website functionalities.

Cookies stored on Users’ devices may also be used by IBSC partners and advertisers. We recommend reading their privacy policies, particularly:

  • Google Analytics Privacy Policy
  • DMSales Privacy Policy

Server Logs

Certain User activities are logged at the server layer. Data is used solely for administration and to ensure efficient hosting service delivery.

Logged data may include:

  • time of request,
  • time of response,
  • User device name (HTTP identification),
  • information about HTTP transaction errors,
  • referring URL,
  • browser information,
  • IP address.

These data are not associated with specific individuals and are used only for server administration.

Telemetry for Microsoft Dynamics 365 Business Central Extensions

Within our Business Central extensions, we may process limited technical data (telemetry), in particular:

  • extension identifier and version,
  • environment/tenant ID (GUID) and environment type (Sandbox/Production),
  • error and exception details (codes, system messages, stack traces),
  • performance metrics (execution times, event frequency, basic resource usage),
  • usage metrics (e.g., number of action executions, success status),
  • basic environment configuration parameters (e.g., region, Business Central version).

Telemetry is used solely to ensure correct operation, diagnose errors, monitor performance and stability, improve security, and enhance product quality and functionality.

We do not intentionally collect business data (e.g., documents, customer data, financial values). If such data might exceptionally appear in logs, we apply minimization, masking, and limited retention measures.

Telemetry is collected via Microsoft Azure Application Insights (Microsoft acts as a processor, based on a data processing agreement and Microsoft security standards). Telemetry may be processed in EU data centers; transfers outside the EEA are conducted under legally required safeguards.

Telemetry retention: generally up to 90 days (Application Insights default), unless extended for incident handling, claims, or legal requirements.

Telemetry is not used to make decisions producing legal effects for Users nor for marketing profiling; analysis is purely technical.

Users retain GDPR rights (as listed earlier). Due to the technical and often pseudonymized/anonymous nature of telemetry, identifying specific individuals may not be possible.

Managing Cookies – How to Give and Withdraw Consent?

If a User does not wish to receive cookies, they may adjust browser settings. Disabling cookies essential for authentication, security, or preference storage may disrupt or prevent website usage.

Instructions are available for:

  • Internet Explorer
  • Chrome
  • Safari
  • Firefox
  • Opera
  • Android
  • Safari (iOS)
  • Windows Phone
  • Blackberry

Final Provisions

IBSC reserves the right to amend this Privacy Policy for important reasons, including:

  • changes in applicable law (especially regarding data protection, telecommunications, or electronic services),
  • development of electronic services or functionality resulting from technological advancements and evolution of our applications/extensions, including implementation of new technological or technical solutions affecting this Privacy Policy.

IBSC will publish information about any changes on the website.

This version of the Privacy Policy is effective as of 01 March 2026.