Privacy Policy

Last Updated: December 14, 2025

IMPORTANT: This Privacy Policy explains how Inter Biotech Services collects, uses, shares, and protects your personal information. By using our website, mobile applications, or services, you agree to the practices described in this Privacy Policy. Please read this policy carefully.

1. Introduction

Madison DBA Inter Biotech Services (“IBS,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes our practices regarding the collection, use, disclosure, and protection of personal data in connection with:

  • Our website at https://ibs3.com (the “Site”)
  • Our white-label mobile applications
  • Our e-commerce solutions, payment processing integration, and fraud prevention services
  • Our consulting and technical services
  • Communications with prospective and current clients

This Privacy Policy applies to all users of our services, including website visitors, mobile application users, and business clients.

1.1 Data Controller

Madison DBA Inter Biotech Services
ul. Mielęckiego 10 lok 503
40-013 Katowice, Poland
Email: [email protected]

As a company based in Poland (European Economic Area), we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

We collect different types of information depending on how you interact with our services:

2.1 Information You Provide Directly

Account and Registration Information:

  • Name and business name
  • Email address
  • Phone number
  • Business address
  • Company information (industry, size, website)
  • Login credentials (username and encrypted password)

Service-Related Information:

  • Payment information (processed by third-party payment processors; we do not store full credit card numbers)
  • Project requirements and specifications
  • Content and materials you provide for website development, marketing, or consulting services
  • Customer support inquiries and communications
  • Feedback, survey responses, and testimonials

Mobile Application Data:

  • Email address for account authentication
  • Login credentials (encrypted)
  • User preferences and settings
  • Device information (device type, operating system, app version)

2.2 Information Collected Automatically

Website Usage Data:

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and time spent on pages
  • Referring website or source
  • Date and time of visits
  • Click patterns and navigation paths

Cookies and Tracking Technologies:

  • Session cookies for website functionality
  • Analytics cookies to understand how visitors use our Site
  • Marketing cookies (with your consent) for advertising purposes
  • See Section 8 for detailed information about cookies

2.3 Information from Third Parties

We may receive information about you from:

  • Payment processors (transaction confirmations, payment status)
  • Analytics providers (aggregated usage statistics)
  • Marketing platforms (campaign performance data)
  • Publicly available sources (business information, industry data)

2.4 Fraud Prevention Consortium Data

For our Fraud Prevention Consortium service:

  • We collect email addresses and shipping addresses from participating merchants
  • This data is immediately converted to SHA-256 cryptographic hashes
  • We do NOT store raw email addresses or shipping information
  • Only irreversible hashed values are stored and shared within the consortium
  • It is mathematically impossible to reverse-engineer original data from hashes

2.5 What We Do NOT Collect

IBS explicitly does NOT collect, store, or process:

  • Health data, medical information, or health records
  • Biometric data (fingerprints, facial recognition, etc.)
  • Genetic or biological data
  • Information about physical or mental health conditions
  • Medical treatment or diagnosis information
  • Any data covered under HIPAA or similar health privacy regulations
  • Customer protocol tracking data from mobile apps (this remains on user devices only)
  • Full credit card numbers or payment card details (handled by third-party processors)
  • Social Security numbers or government identification numbers
  • Sensitive personal data as defined by GDPR Article 9 (except as necessary for legal compliance)

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Provision and Performance

  • Providing, operating, and maintaining our services
  • Processing transactions and managing payments
  • Creating and managing user accounts
  • Delivering website development, mobile applications, and consulting services
  • Providing technical support and customer service
  • Sending service-related notifications and updates
  • Operating the Fraud Prevention Consortium and protecting merchants from fraud

3.2 Communication

  • Responding to inquiries, questions, and support requests
  • Sending important notices about service changes, terms updates, or security alerts
  • Providing project updates and deliverable notifications
  • Sending invoices and payment reminders

3.3 Business Operations

  • Managing contracts and service agreements
  • Processing payments and maintaining financial records
  • Conducting internal audits and quality assurance
  • Training staff and improving service delivery
  • Preventing, detecting, and investigating fraud or security incidents

3.4 Analytics and Improvement

  • Analyzing website usage to improve user experience
  • Understanding how clients use our services
  • Identifying trends and optimizing our offerings
  • Developing new features and services
  • Testing and improving website performance

3.5 Marketing (With Consent)

  • Sending promotional emails about our services (you can opt out at any time)
  • Displaying relevant advertisements on third-party platforms
  • Conducting market research and surveys
  • Creating case studies and success stories (with explicit permission)

3.6 Legal Compliance and Protection

  • Complying with legal obligations and regulatory requirements
  • Responding to legal requests, court orders, or government inquiries
  • Protecting our rights, property, and safety
  • Enforcing our Terms and Conditions
  • Defending against legal claims
  • Preventing illegal activities and violations of our policies

4. Legal Basis for Processing (GDPR)

Under GDPR, we process personal data based on the following legal grounds:

4.1 Contractual Necessity

Processing is necessary to perform our contract with you (providing services you’ve requested):

  • Account management and authentication
  • Service delivery (website development, payment processing, mobile apps)
  • Customer support and communications
  • Payment processing and invoicing

4.2 Legitimate Interests

Processing is necessary for our legitimate business interests (balanced against your privacy rights):

  • Fraud prevention and security
  • Network and information security
  • Analytics and service improvement
  • Internal business operations and administration
  • Marketing to existing clients about similar services

4.3 Consent

Where we’ve obtained your explicit consent:

  • Marketing communications to prospective clients
  • Non-essential cookies and tracking technologies
  • Sharing testimonials or case studies
  • Processing data for purposes not covered by other legal bases

You can withdraw consent at any time by contacting us or using opt-out mechanisms provided.

4.4 Legal Obligations

Processing is necessary to comply with legal requirements:

  • Tax and accounting obligations
  • Responding to lawful requests from authorities
  • Anti-money laundering and financial regulations
  • Data retention requirements

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share information in the following circumstances:

5.1 With Your Clients (For Services We Provide)

If we develop websites, mobile applications, or systems for your business:

  • You maintain ownership and control of your customer data
  • We may access client data solely to provide services (hosting, maintenance, support)
  • We act as a data processor on your behalf
  • You remain responsible for compliance with data protection laws regarding your customers

5.2 Fraud Prevention Consortium Participants

For merchants participating in our Fraud Prevention Consortium:

  • SHA-256 hashed email and shipping data is shared among consortium members
  • No raw personal information is ever shared
  • Hashes cannot be reverse-engineered to identify individuals
  • Purpose: preventing fraudulent transactions across multiple merchants

5.3 Service Providers and Partners

We share information with trusted third parties who assist with business operations:

  • Payment processors (e.g., Stripe) – for processing transactions
  • Hosting providers – for website and application infrastructure
  • Email service providers – for sending communications
  • Analytics providers – for understanding website usage
  • Marketing platforms – for advertising and campaign management
  • Cloud storage providers – for data backup and storage

These service providers are contractually obligated to protect your data and use it only for specified purposes.

5.4 Legal Requirements and Protection

We may disclose information when required by law or to protect our rights:

  • In response to subpoenas, court orders, or legal processes
  • To comply with government or regulatory requests
  • To protect against fraud, security threats, or illegal activities
  • To enforce our Terms and Conditions
  • To protect the rights, property, or safety of IBS, our clients, or the public
  • In connection with legal proceedings or investigations

5.5 Business Transfers

If IBS is involved in a merger, acquisition, sale of assets, or bankruptcy:

  • Personal information may be transferred to the acquiring entity
  • We will notify you via email and/or prominent notice on our Site
  • The acquiring entity will be bound by this Privacy Policy

5.6 With Your Consent

We may share information for other purposes with your explicit consent, such as:

  • Publishing testimonials or case studies
  • Sharing information with specific partners you’ve authorized
  • Participating in joint marketing initiatives

6. Data Security

We implement comprehensive security measures to protect your personal information:

6.1 Technical Security Measures

  • Encryption: Data transmitted to and from our Site uses TLS/SSL encryption
  • Password protection: All passwords are hashed using industry-standard hashing algorithms
  • Secure servers: Data is stored on secure servers with restricted access
  • Firewalls: Network security controls to prevent unauthorized access
  • Regular updates: Security patches and software updates are applied promptly
  • Vulnerability scanning: Regular security assessments to identify and address risks

6.2 Organizational Security Measures

  • Access controls: Limited access to personal data on a need-to-know basis
  • Employee training: Staff are trained on data protection and security practices
  • Confidentiality agreements: Employees and contractors sign confidentiality agreements
  • Incident response: Procedures for detecting, responding to, and reporting security breaches
  • Data minimization: We collect only the data necessary for specified purposes

6.3 Fraud Prevention Consortium Security

  • SHA-256 cryptographic hashing (an irreversible one-way function)
  • No storage of raw email addresses or shipping information
  • Secure transmission protocols for hash verification
  • Regular security audits of consortium infrastructure

6.4 Limitations

While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security of data transmitted over the Internet or stored electronically. You are responsible for:

  • Maintaining the confidentiality of your account credentials
  • Using strong, unique passwords
  • Logging out of accounts when using shared devices
  • Notifying us immediately of any unauthorized access or security concerns

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.

7.1 Retention Periods

Account Data:

  • Active accounts: Retained for the duration of the business relationship
  • Inactive accounts: Retained for up to 2 years after last activity, then deleted unless legal obligations require retention

Mobile Application Login Data:

  • Retained while accounts are active
  • Deleted within 30 days of account closure or deletion request

Fraud Prevention Consortium Data:

  • Hashed data retained indefinitely to protect the merchant network
  • No personally identifiable information is stored (only irreversible hashes)

Financial Records:

  • Invoices, payment records, and tax documents: Retained for 7 years as required by law

Communications:

  • Email correspondence: Retained for up to 3 years or as needed for business purposes
  • Support tickets: Retained for up to 2 years after resolution

Marketing Data:

  • Prospective client information: Retained for up to 2 years after last contact
  • You can opt out or request deletion at any time

Website Analytics:

  • Aggregated analytics data: Retained for up to 26 months
  • IP addresses: Anonymized or deleted after 90 days

7.2 Deletion and Anonymization

When retention periods expire or you request deletion:

  • Personal data is securely deleted or anonymized
  • Anonymized data (stripped of personal identifiers) may be retained for analytics
  • Backups containing personal data are deleted within 90 days
  • Some data may be retained longer if required by legal obligations

8. Cookies and Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our Site. They help us provide and improve our services.

8.2 Types of Cookies We Use

Essential Cookies (Always Active):

  • Session cookies for website functionality
  • Authentication cookies to keep you logged in
  • Security cookies to prevent fraud and protect your account
  • Load balancing cookies for website performance

Analytics Cookies (With Consent):

  • Google Analytics to understand website usage patterns
  • Performance monitoring to identify technical issues
  • Heatmap tools to analyze user behavior

Marketing Cookies (With Consent):

  • Advertising cookies for retargeting campaigns
  • Social media pixels (Facebook, LinkedIn) to measure campaign effectiveness
  • Conversion tracking to optimize marketing spend

8.3 Cookie Duration

  • Session cookies: Deleted when you close your browser
  • Persistent cookies: Remain on your device for a set period (typically 30 days to 2 years)

8.4 Managing Cookies

You can control cookies through:

  • Browser settings: Most browsers allow you to refuse or delete cookies
  • Cookie consent banner: Adjust preferences when you first visit our Site
  • Opt-out tools: Use third-party opt-out mechanisms for advertising cookies

Note: Disabling essential cookies may affect website functionality. Disabling analytics or marketing cookies will not impact core services.

8.5 Do Not Track Signals

Our Site does not currently respond to “Do Not Track” browser signals, as there is no industry standard for how to interpret such signals.

9. Your Privacy Rights

Under GDPR and other data protection laws, you have the following rights:

9.1 Right to Access

You can request confirmation of whether we process your personal data and obtain a copy of that data.

9.2 Right to Rectification

You can request correction of inaccurate or incomplete personal information.

9.3 Right to Erasure (“Right to be Forgotten”)

You can request deletion of your personal data in certain circumstances, such as:

  • Data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • Data was processed unlawfully

Limitations: We may retain data if required by law or for legal claims, financial record-keeping, or fraud prevention (hashed data in consortium).

9.4 Right to Restriction of Processing

You can request that we limit how we use your data in certain situations, such as:

  • While we verify the accuracy of disputed data
  • When processing is unlawful but you prefer restriction over deletion
  • When you need data for legal claims but we no longer need it

9.5 Right to Data Portability

You can request your data in a structured, commonly used, machine-readable format and have it transmitted to another controller.

9.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.

9.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

9.8 Right to Lodge a Complaint

You have the right to file a complaint with a supervisory authority if you believe we have violated data protection laws.

For Poland (our location):
Urząd Ochrony Danych Osobowych (UODO)
Website: https://uodo.gov.pl

9.9 Exercising Your Rights

To exercise any of these rights, contact us at:

  • Email: [email protected]
  • Subject line: “Privacy Rights Request”
  • Include: Your name, email address, and specific request

We will respond within 30 days. We may request additional information to verify your identity before fulfilling requests.

10. International Data Transfers

10.1 Primary Processing Location

Because we are a company based in Poland (European Economic Area), personal data is primarily processed within the EEA, which provides a high level of data protection under GDPR.

10.2 Transfers Outside the EEA

In some cases, we may transfer data to countries outside the EEA, including:

  • United States (for services like cloud hosting, analytics, payment processing)
  • Other countries where our service providers operate

10.3 Safeguards for International Transfers

When transferring data outside the EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): EU-approved contracts that require third parties to protect your data
  • Adequacy decisions: Transfers to countries deemed by the EU to have adequate data protection laws
  • Binding Corporate Rules: For transfers within multinational organizations
  • Specific consent: Where appropriate and legally required

Service providers based outside the EEA are contractually obligated to maintain GDPR-equivalent protections.

11. Children’s Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.

If you are under 18, do not:

  • Use our website, mobile applications, or services
  • Provide any personal information to us
  • Register for an account

If we discover that we have collected personal information from a child under 18, we will delete it immediately. If you believe we have collected data from a child, please contact us at [email protected].

12. Third-Party Links and Services

Our Site may contain links to third-party websites, applications, or services that we do not control. This Privacy Policy applies only to IBS services.

12.1 Third-Party Websites

We are not responsible for the privacy practices of:

  • External websites linked from our Site
  • Client websites we develop or host (clients are responsible for their own privacy policies)
  • Social media platforms where we maintain a presence
  • Third-party service providers (payment processors, analytics tools, etc.)

We encourage you to read the privacy policies of any third-party services you use.

12.2 Third-Party Services We Use

Our services integrate with various third parties. Each has its own privacy policy:

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our business practices
  • New legal requirements or regulatory guidance
  • Technological developments
  • Feedback from users and regulators

13.1 Notification of Changes

When we make material changes to this Privacy Policy:

  • We will update the “Last Updated” date at the top of this policy
  • We will notify you via email (if you have an account)
  • We may display a prominent notice on our Site
  • For significant changes affecting your rights, we may seek your consent

13.2 Your Continued Use

Continued use of our services after changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree to changes, you should discontinue using our services and request deletion of your account.

13.3 Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Data Protection Officer

Given the nature and scale of our operations, we have not appointed a formal Data Protection Officer (DPO) as we are not required to do so under GDPR Article 37.

However, all privacy-related inquiries should be directed to:

Privacy Contact:
Email: [email protected]
Subject line: “Privacy Inquiry”

We will respond to all privacy inquiries within 30 days.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Madison DBA Inter Biotech Services
ul. Mielęckiego 10 lok 503
40-013 Katowice, Poland

Email: [email protected]
Subject line: “Privacy Inquiry”

Response Time: We will respond to all inquiries within 30 days. For urgent privacy matters, please mark your email as “Urgent – Privacy”.

15.1 What to Include in Your Privacy Request

To help us process your request efficiently, please include:

  • Your full name and email address associated with your account
  • Clear description of your request or concern
  • Any relevant account information or reference numbers
  • For access or deletion requests: Identification verification (we may request additional information to confirm your identity)

16. Specific Information for Different User Types

16.1 For Website Visitors

If you only visit our Site without creating an account:

  • We collect basic usage data through cookies and analytics
  • You can control cookies through browser settings
  • No account data is collected unless you contact us or sign up

16.2 For Business Clients

If you use our services (website development, payment processing, fraud prevention):

  • We collect account and business information as described in Section 2
  • We act as a data processor for your customer data (you remain the controller)
  • You are responsible for maintaining privacy policies for your own customers
  • We provide tools and infrastructure; you must ensure GDPR compliance for your business

16.3 For Mobile App Users

If you use white-label mobile applications we’ve developed:

  • We collect email and login credentials as described in Section 2.1
  • Protocol tracking data remains on your device only (we do not access or store it)
  • When making purchases, you’re redirected to the merchant’s website (they handle transaction data)
  • You can delete your account and data at any time through app settings or by contacting the merchant

16.4 For Fraud Consortium Participants

If you participate in our Fraud Prevention Consortium:

  • Customer email and shipping data is converted to SHA-256 hashes
  • Only hashes are stored and shared with other consortium members
  • Original data cannot be recovered from hashes
  • Hashed data remains in the database indefinitely to protect the merchant network
  • You can discontinue consortium participation at any time

IMPORTANT REMINDER: IBS does not collect, store, or process health data, medical information, or any data covered under HIPAA. Our mobile applications are for business operations and product management only—not for tracking health metrics or medical information.

17. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

17.1 Right to Know

  • Categories of personal information collected
  • Sources from which information was collected
  • Business purposes for collection
  • Categories of third parties with whom we share information
  • Specific pieces of personal information we hold about you

17.2 Right to Delete

You can request deletion of personal information we collected from you, subject to certain exceptions.

17.3 Right to Opt-Out of Sale

We do not sell personal information as defined by CCPA. We do not and will not sell your personal data to third parties.

17.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights, including by:

  • Denying goods or services
  • Charging different prices or rates
  • Providing different quality of goods or services

17.5 Exercising CCPA Rights

To exercise these rights, contact us at [email protected] with subject line “CCPA Privacy Request”.

18. Additional Privacy Information

18.1 Automated Decision-Making

Our fraud prevention system uses automated analysis to flag potentially fraudulent transactions based on hashed data matching. However:

  • Merchants review flagged transactions before final decisions
  • Customers can contact merchants to dispute blocks
  • No purely automated decisions are made without human review

18.2 Data Accuracy

You are responsible for ensuring the accuracy of information you provide. Please:

  • Keep your account information up to date
  • Notify us of any changes to your contact details
  • Review information periodically for accuracy
  • Request corrections if you identify inaccurate data

18.3 Account Security Recommendations

To protect your account:

  • Use a strong, unique password (minimum 12 characters with mixed case, numbers, and symbols)
  • Never share your password with others
  • Log out when using shared or public devices
  • Enable two-factor authentication if available
  • Be cautious of phishing emails claiming to be from IBS
  • Contact us immediately if you suspect unauthorized access

ACKNOWLEDGMENT: By using Inter Biotech Services’ website, mobile applications, or services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal information as described herein.