What data do we hold
The personal information we hold is provided by our members when they purchase a membership (except credit card details) and by participants in events we host.
Storage of payment details
Payment details are not stored, processed or transmitted through thankQ, our membership software. Transactions are processed through a secured API by SecurePay, which is a PCI DSS validated third-party service provider. SecurePay converts your payment details into tokens, and these tokens are stored in our system.
Where is data stored
The data is stored on the hosted thankQ environment which is segregated on separate servers and accessible only by authenticated user accounts. These user accounts can only be requested by Bicycle Queensland and set up by thankQ authorized technical staff.
Access to the server is via an HTTPS-encrypted tunnel (RD Web). Access to the data is provided to relevant Bicycle Queensland personnel and managed by Windows AD, requiring a username and password to authenticate.
thankQ manages the security of the servers, including backup data processes. This backup data is not accessible to users or from the server systems by ordinary accounts.
How do we ensure the data’s security
thankQ maintains policies and controls to manage IT and security, which are tested annually. They have an incident response plan with mechanisms to detect and respond to information security incidents in a timely manner. They use a threat management platform which provides automatic detection and response to security threats.
Data held on servers and on any local PC or laptop is encrypted, and data is also encrypted during transmission between Bicycle Queensland and the hosted database environment (using HTTPS).
In the event Bicycle Queensland changes to a different membership database, the hosted database environment is retained for 30 days and then permanently and securely deleted, including all backup images.
Business Continuity Programme (BCP) of the membership platform
Regular Disaster Recovery testing has demonstrated thankQ can recover quickly from system failures related to data, services and access to normal work locations.
Bicycle Queensland’s corporate data security control measures
All corporate data is maintained on Windows servers secured in alignment with and/or referencing current recommended security standards, including the Essential Eight and ISO/27001. We work with our IT support to meet these guidelines.
Attacks are prevented using application controls, patching applications, configuring MS Office Macros, and employee education about cyber security.
Attacks are limited by restricting admin privileges, patching operating systems and using multi-factor authentication.
Daily backups of data are performed.