In this policy we will set out how we collect and process personal data and client data. We will also set out our data breach procedures. GKM Divine Services is committed to protecting the privacy and security of your personal information. We only collect and use personal data in line with the General Data Protection Regulation, the Data Protection Act and any other applicable laws and regulations. This Notice informs you (the ‘data subject’) about our processing activities: the data we hold, why we use it, how long we will retain it for, and other relevant information.
Any questions and requests regarding personal data may be sent to our Data Protection Officer by sending an email to: info@gkmdivineservices.co.uk
1. Candidate Data
In the collection of this data, we will ask our candidates for their explicit consent for personal data to be collected and used. This consent will form the lawful basis for the processing and will be asked for at the time of registration to the recruitment agency.
• Information we collect.
• How we store this data
• What rights candidates must access their data.
• The right for candidate data to be deleted on request.
• The reasons why we are storing candidate data.
• How long we keep this data.
• Who we share this data with?
Information we collect.
We collect information for the purposes of registering candidates to take on assignments at client premises. The information we need for this are:
Name and address, current CV, all qualifications for the role applied for, contact information to include telephone numbers, email address and references from former employers.
How we store this data
All data collected will be stored digitally on secure computers and paper files will be stored in locked cabinets. What rights candidates must access their data.
Candidate information is held in a transparent and lawful manner and can be accessed on request at any time in writing. The right for candidate data to be deleted on request.
A candidate has the right of ensuring all personal data is held when they cease to work for the agency with the exception of information, we are lawfully obliged to keep for Government agencies. The reasons why we are storing candidate data.
The reason we hold personal data on our candidates is so we can lawfully operate an Employment Business for the purposes of supplying staff to clients. We have an obligation to our clients to provide staff with the correct qualifications and experience to carry out the duties required. How long we keep this data?
We will keep this data for 5 (five) years from the day the candidate leaves the agency.
Who do we share this data with?
By consenting to use your personal data for the purposes of recruitment we will share your information with third parties for the purposes of work assignments only. This information will never include information such as bank account details but will include information to show your suitability for the role. We will only give full information if requested to do so by Law Enforcement Agencies.
2. Client Data
When a client account is set up by GKM Divine Services the following procedures are put in place.
• We store the account documents in a locked cabinet.
• The account invoice details are stored on the computer.
• A record card is created and stored in a locked cabinet.
• Contact details are entered on to a database and used to contact you by telephone, e-mail and post.
• Your contact details are also stored onto a password protected mobile phone.
• Your contact details are sent to candidate that are interested into the vacancy.
• A database is created that list which candidate have been booked for interviews.
• All computer digital records are protected with several layers of software to protect from cyber-attacks and virus attacks.
• All digital records are password protected.
If you have not used our services for five (5) years, then we will contact you and request whether you would like your information to be discarded or if you would like to remain on the database system. If we do not obtain a response, then all records will be deleted.
Data Breach Procedures
INFORMING THE INFORMATION COMMISSIONER’S OFFICE
• In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Information Commissioner’s Office in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification is not made to the ICO within 72 hours, it shall be accompanied by reasons for the delay.
• The processor shall notify the controller without undue delay after becoming aware of a personal data breach.
• The notification referred to in paragraph 1 shall at least:
• Describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned, and the categories and approximate number of personal data records concerned.
• Communicate the name and contact details of the data protection officer or other contact point where more information can be obtained.
• Describe the likely consequences of the personal data breach.
• Describe the measures taken or proposed to be taken by the controller to address the personal data breach, including where appropriate, measures to mitigate its possible adverse effect.
• Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue delay.
• The controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. That documentation shall enable the supervisory authority to verify compliance with this Article.
RIGHT TO WITHDRAW CONSENT
By registering with GKM Divine Services you have given us the consent to use your data in line with GDPR policy. In the limited circumstances where you may have provided your consent to the collection, processing, and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please notify us on the email address info@gkmdivineservices.co.uk Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to unless we have another legitimate basis for doing so in law.
COMPLAINTS
If you have any concerns or complaints about data protection you should first raise this with us either by email to: info@gkmdivineservices.co.uk or by phone: at +44 1473954848.
If you have a complaint or concern that has not been remedied internally, you may choose to raise this with the Information Commissioner’s Officer (ICO). Visit www.ico.org for more information.
GKM Divine Services Modern Slavery and human trafficking statement
Modern slavery is an awful and often unseen crime, and the impact can be devastating for the victims. This can be broadly grouped into four categories but is not limited to:
GKM Divine Services recognises its responsibility to take a robust approach to modern slavery and human trafficking. To demonstrate this, we have recently conducted an internal audit on modern-day slavery to support the Team in managing its modern-day slavery risk exposure.
This annual statement sets out our actions to understand all potential modern slavery risks related to our activities and to put in place steps to eliminate acts of modern slavery and human trafficking within our business and partners. We are committed to preventing slavery and human trafficking in all its activities, and to ensuring our supply chains are also free of this.
The publication of this annual statement is part of that commitment and highlights our activities to address this.
. GKM Divine Services Limited has a zero-tolerance approach to any form of modern slavery and human trafficking. We are committed to acting ethically and with integrity and transparency in all business dealings and to putting effective systems and controls in place to safeguard against any form of modern slavery taking place within the business or our supply chains.
This statement is made pursuant to section 54(1) of the Modern Slavery Act 2015 and constitutes GKM Divine Services’ slavery and human trafficking statement for the financial year ending 2021.
Our organisation’s structure.
GKM Divine Services were established in November 2019 to provide Healthcare, Commercial, and Industrial staffing to both NHS and Private Hospitals.
GKM Divine Services Limited implements its business strategy in an ethically, socially and environmentally responsible manner. We fully acknowledge our responsibility to respect human rights as set out in the International Bill of Human Rights. The IBHR informs all our policies related to the rights and freedoms of every individual who works for us, either as a direct employee, agency worker or indirectly through our supply chain. We are also committed to implementing the United Nations Guiding Principles on Business and Human Rights throughout our operations. Respect for the dignity of the individual – and the importance of everyone’s human rights – form the basis of the behaviours we expect in every workplace nationally.
We will not accept any form of discrimination, harassment or bullying and we require all of our managers to implement policies designed to increase equality of opportunity and inclusion for all employees including agency workers. We have also developed and implemented policies and processes which are intended to extend these commitments through our supply chain.
Policies
We have several internal policies to ensure that we are conducting business ethically and transparently. These include:
Direct Communication
The Company encourages members of the public or people not employed by us to write, in confidence, to raise any concern, issue or suspicion of modern slavery in any part of our business.
Suppliers
We seek to partner with suppliers who uphold our high standards of social, environmental and ethical conduct providing safe working conditions, treating workers with dignity and respect, acting fairly and ethically and using environmentally responsible practices where practicable. To ensure all those in our supply chain including contractors meet this standard we have in place a supply chain compliance programme.
Risk Assessments
Our supply chains include procurement of staff, consumables, facilities maintenance, utilities and waste management. We have conducted a risk assessment and will ensure that we will take further steps to ensure that we support the eradication of modern slavery, that staff understand how to recognise modern slavery and the appropriate safeguarding reporting processes are followed should there be concerns within our supply chains, with customers or suppliers.
Due diligence processes for slavery and human trafficking
We conduct due diligence on all suppliers before allowing them to become a preferred supplier. We include an online search to ensure that particular organisation have never been convicted of offences relating to modern slavery and we include our modern slavery policy as part of our contract with all suppliers. Suppliers are required to confirm that no part of their business operations contradicts this policy. As part of our contract with suppliers, they confirm to us that:
As part of our initiative to identify and mitigate risk we:
We have in place systems to:
Performance indicators
We will know the effectiveness of the steps that we are taking to ensure that slavery is not taking place within our business or supply chain if:
Safeguards
We aim to encourage openness and will support anyone who raises genuine concerns in good faith under this policy, even if they turn out to be mistaken. We are committed to ensuring that no one suffers any detrimental treatment as a result of reporting in good faith their suspicion that modern slavery of whatever form is or may be taking place in any part of our business. Detrimental treatment includes dismissal, disciplinary action, threats or other unfavourable treatment connected with raising a concern. GKM Divine Services Limited will accept and take seriously concerns communicated anonymously. However, retention of anonymity does render investigations and makes validation more difficult and can make the process less effective. Individuals are therefore encouraged to put their names to allegations.
Any claims or allegations made which are found to be malicious or vexatious will result in disciplinary action being taken against the individual.
Responsibility for this Statement
The ultimate responsibility for the prevention of modern slavery rests with the GBENGA KINGSLEY MAFIMISEBI for ensuring that this policy and its implementation comply with our legal and ethical obligations. Managers at all levels are responsible for ensuring that those reporting to them understand and comply with this policy and are given adequate and regular training on it and the issue of modern slavery.
Assessment of Effectiveness in Preventing Modern Slavery
We understand that modern slavery risk is not static and will continue our approach to mitigating this risk. We will assess the risk via our internal auditing processes.
This statement has been approved by the director of GKM Divine Services Limited and will be regularly reviewed to ensure that GKM Divine Services Limited is compliant and meeting the requirements of the Modern Slavery Act 2015.
Finding help
If you or someone you know is being or has been exploited or you are unsure if someone is in need of help, assistance and advice is available:
Further information
This statement will be reviewed on an annual basis, which will take place on or before 8 October 2025.
This statement was also published on the Government’s Modern Slavery Statement Register’ which went live on 6 May 2021.
This statement has been signed by GBENGA MAFIMISEBI BUSINESS MANAGER of GKM DIVINE SERVICES LIMITED., Trading as GKM HomeCare.
Further information on modern slavery can be found on GOV.UK.
Print this page
GKM Divine Services value and respect the privacy of everyone who visits this website and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law. Your acceptance of Our Privacy Policy is deemed to occur upon your first use of Our Site. If you do not accept and agree with this Privacy Policy, you must stop using Our Site immediately.
GKM Divine Services is a recruitment business which provides work-finding services to its clients and work-seekers. The Company must process personal data (including sensitive personal data) so that it can provide these services – in doing so, the Company acts as a data controller.
You may give your personal details to the Company directly, such as on an application or registration form or via our website, or we may collect them from another source such as a jobs board. The Company must have a legal basis for processing your personal data. For the purposes of providing you with work-finding services and/or information relating to roles relevant to you we will only use your personal data in accordance with the terms of the following statement.
1. Collection and use of personal data
a) Purpose of processing and legal basis
The Company will collect your personal data (which may include sensitive personal data) and will process your personal data for the purposes of providing you with work-finding services. This includes for example, contacting you about job opportunities, assessing your suitability for those opportunities, updating our databases, putting you forward for job opportunities, arranging payments to you and developing and managing our services and relationship with you and our clients.
In some cases we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.
The legal bases we rely upon to offer these services to you are:
• Your consent
• Where we have a legitimate interest
• To comply with a legal obligation that we have
• To fulfil a contractual obligation that we have with you
b) Legitimate interest
This is where the Company has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us. Where the Company has relied on a legitimate interest to process your personal data our legitimate interests is/are as follows:
• To provide work-finding services
c) Recipient/s of data
The Company may process your personal data and/or sensitive personal data with the following recipients:
• Clients that the Company introduce or supply you to in relation to work-finding services
• Your former or prospective new employers that we obtain or provide references to
• The Recruitment and Employment Confederation, the Gangmasters & Labour Abuse Authority and the Company’s ISO9001:2015 Accredited Association Body for audit purposes
• Any umbrella companies that you may wish the Company to pass your data to
• The Company’s insurers & legal advisers
• The Company’s IT and CRM providers
• Any public information sources and third-party organisations that the Company may use to carry out suitability checks on work-seekers e.g. Companies House, the Disclosure and Barring Service (DBS)
• Government, law enforcement agencies and other regulators e.g. Home Office, HMRC
• Any other organisations you ask the Company to share your data with.
d) Statutory/contractual requirement
Your personal data is required by law and/or a contractual requirement (e.g. our client may require this personal data), and/or a requirement necessary to enter into a contract. You are obliged to provide the personal data and if you do not the consequences of failure to provide the data are:
• We may not be able to provide work-finding services
2. Overseas Transfers
The Company may transfer only the information you provide to us to count ries outside the European Economic Area (‘EEA’) for the purposes of providing you with work-finding services. We will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
3. Data retention
The Company will retain your personal data only for as long as is necessary for the purpose we collect it. Different laws may also require us to keep different data for different periods of time.
The Conduct of Employment Agencies and Employment Businesses Regulations 2003, require us to keep work-seeker records for at least one year from (a) the date of their creation or (b) after the date on which we last provide you with work-finding services.
We must also keep your payroll records, holiday pay, sick pay and pensions auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation
Where the Company has obtained your consent to process your personal/sensitive personal data, we will do so in line with our retention policy. Upon expiry of that period the Company will seek further consent from you. Where consent is not granted the Company will cease to process your personal/sensitive personal data
4. Your rights
Please be aware that you have the following data protection rights:
• The right to be informed about the personal data the Company processes on you;
• The right of access to the personal data the Company processes on you;
• The right to rectification of your personal data;
• The right to erasure of your personal data in certain circumstances;
• The right to restrict processing of your personal data;
• The right to data portability in certain circumstances;
• The right to object to the processing of your personal data that was based on a public or legitimate interest;
• The right not to be subjected to automated decision-making and profiling; and
• The right to withdraw consent at any time.
Where you have consented to the Company processing your personal/sensitive personal data you have the right to withdraw that consent at any time by contacting the Business Manager at GKM Divine Services, Franciscan House. Suite 423, 4th Floor 51, Princess Street, Ipswich. IP1 1UR; email – info@gkmdivineservices.co.uk; Tel: 01473561029 There may be circumstances where the Company will still need to process your data for legal or official reasons. We will inform you if this is the case. Where this is the case, we will restrict the data to only what is necessary for the purpose of meeting those specific reasons.
If you believe that any of your data that the Company processes is incorrect or incomplete, please contact us using the details above and we will take reasonable steps to check its accuracy and correct it where necessary.
You can also contact us using the above details if you want us to restrict the type or amount of data we process for you, access you r personal data or exercise any of the other rights listed above.
5. Cookies We may obtain data about you from cookies. These are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies also enable us to deliver more personalised content.
6. Complaints or queries
If you wish to complain about this privacy notice or any of the procedures set out in it please contact the Business Manager at GKM Divine Services, Franciscan House. Suite 423, 4th Floor 51, Princess Street, Ipswich. IP1 1UR; email – info@gkmdivineservices.co.uk; Tel: 01473561029 You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.
7. Changes to this privacy statement
We may change this Privacy Policy from time to time (for example, if the law changes). Any changes will be immediately posted on Our Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up-to-date.
Annex A
1. The lawfulness of processing conditions for personal data are:
2. Consent of the individual for one or more specific purposes.
3. Processing is necessary for the performance of a contract with the individual or in order to take steps at the request of the individual to enter into a contract.
4. Processing is necessary for compliance with a legal obligation that the controller is subject to.
5. Processing is necessary to protect the vital interests of the individual or another person.
6. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
7. Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the individual which require protection of personal data, in particular where the individual is a child. 1. The lawfulness of processing conditions for sensitive personal data are:
1. Explicit consent of the individual for one or more specified purposes, unless reliance on consent is prohibited by EU or Member State law.
2. Processing is necessary for carrying out data controllers obligations under employment, social security or social protection law, or a collective agreement, providing for appropriate safeguards for the fundamental rights and interests of the individual.
3. Processing is necessary to protect the vital interests of the individual or another individual where the individual is physically or legally incapable of giving consent.
4. In the course of its legitimate activities, processing is carried out with appropriate safeguards by a foundation, association or any other not-for-profit body, with a political, philosophical, religious or trade union aim and on condition that the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes) and provided there is no disclosure to a third party without the consent of the individual. 5. Processing relates to personal data which are manifestly made public by the individual.
6. Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
7. Processing is necessary for reasons of substantial public interest on the basis of EU or Member State law which shall be proportionate to the aim pursued, respects the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and interests of the individual.
8. Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of EU or Member State law or a contract with a health professional and subject to the necessary conditions and safeguards.
9. Processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare and of medicinal products or medical devices, on the basis of EU or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the individual, in particular professional secrecy.
10. Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard fundamental rights and interests of the individual.