True, but storing the IP address server-side for purposes other than serving the HTTP request doesn't fall under (b).

Diagnostic logging (e.g. apache logs) is probably okay as long as the organization can show that these logs are destroyed in a reasonable timeframe, but FAFAIK even that is legally a gray area (in the sense that it isn't explicitly forbidden nor allowed).