Privacy Notice – Cassi Care

Introduction

Important Information And Who We Are

Welcome to the Lavanya Plus Limited (trading as “Cassi Care”) Privacy Notice. This notice explains how Lavanya Plus Limited collects, uses, stores, and protects your personal data when you use the Cassi Care service, typically offered to you through your employer.

At Lavanya Plus Limited (“we”, “us”, or “our”) we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 and all other mandatory laws and regulations of the United Kingdom. We aim to be transparent and to help you understand what data we collect, why we collect it, how we use it, and what rights you have in relation to it.

This Privacy Notice applies specifically to users of the Cassi Care service and does not cover data processing related to employees or internal staff.

Who Is Your Data Controller

Lavanya Plus Limited is the data controller for personal data processed via the Cassi Care platform. We determine how and why your data is used and are responsible for ensuring it is handled in line with data protection law.

Our registered office is 11 Broadgates Avenue, Barnet, EN4 0NU, and our company number is 07973969. If you have any questions about this notice or your data rights, please contact our Data Protection Officer by emailing care@wearewema.com.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Legal Basis For Data Collection

What Personal Data We Collect

“Personal Data” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of Personal Data about you. This may include:

If you provide us with information about another person, such as a family member in need of care, you confirm that you have their permission to do so, and that they understand their data may be processed by Cassi Care on their behalf.

For the purposes of our business we also collect what is known under the GDPR as special categories of Personal Data. We collect the following types of special Personal Data:

In order to collect this special kind of data we need enhanced legal justifications beyond the ordinary legal justifications under the GDPR. We explain which justifications we rely on in paragraph 2.2 below.

Our Legal Grounds for Using Your Data

There are a number of justifiable reasons under the GDPR that allow collection and processing of Personal Data. These include:

You may withdraw your consent at any time by contacting us at care@wearewema.com. This will not affect the lawfulness of any processing carried out before you withdrew your consent.

How We Use Your Personal Data

We only process your personal data where we have a lawful basis under UK GDPR. These may include performing a contract with you, meeting legal obligations, or pursuing our legitimate interests to deliver and improve the Cassi Care service.

The examples in the table below are indicative, and the purposes for which we use your data may be broader than described, but we will never process your data unless we have a legal basis for doing so and the processing is for a related purpose. For further enquiries please contact us.

| Activity | Type of data | Legal Justification | Lawful basis for processing data |
| --- | --- | --- | --- |
| To operate, maintain, and improve our sites, platforms, and services | Profile/Identity Data, Technical Data | Not applicable (standard personal data) | Legitimate Interests: to ensure proper functionality, usability, and performance of digital platforms |
| To respond to comments, questions, and support requests | Profile/Identity Data, Communication Records | Not applicable (standard personal data) | Legitimate Interests: to provide relevant support and manage care queries |
| To send confirmations, invoices, updates, and administrative messages | Customer Support Data | Not applicable (standard personal data) | Contractual Obligation: required to deliver agreed services |
| To communicate about promotions, updates, or new features | Marketing and Communications Data | Not applicable (standard personal data) | Consent: only if the user has opted in |
| To detect, investigate, and prevent fraud or misuse | Technical Data, Usage Data | Not applicable (standard personal data) | Legal Obligation and Legitimate Interests: to comply with laws and ensure platform security |
| To provide and deliver care recommendations and planning support | Customer Support Data | Article 9(2)(h) – Health/social care provision | Consent: requested by the user |
| To make referrals to care providers on behalf of users | Health-related information, Location Data | Article 9(2)(a) – Explicit Consent | Consent: user must authorise the referral |
| To match users with relevant care providers | Health-related and contextual care data | Article 9(2)(h) – Health/social care provision | Consent: to support user-led care navigation |
| To track and analyse platform usage and improve service | Technical Data, Usage Data | Not applicable (standard personal data) | Legitimate Interests: to improve and optimise services |
| To share anonymised, aggregated usage data with corporate clients | Anonymised Profile and Usage Data | Not applicable – data is no longer personal | Legitimate Interests: to report on service engagement without identifying individuals |
| To maintain records of service use for audits or legal claims | Customer Support Data, Communication Records | Not applicable (standard personal data) | Legal Obligation and Legitimate Interests: to meet legal recordkeeping requirements |
| To process complaints, incidents, or safeguarding concerns | Health data, Complaint Records | Article 9(2)(g) – Substantial public interest (safeguarding) | Legal Obligation: required under safeguarding duties |

Marketing and Content Updates

You will receive marketing and new content communications from us if you have created an account and chosen to opt into receiving those communications. From time to time we may make suggestions and recommendations to you about goods or services that may be of interest to you.

Change of Purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Your Rights And How You Are Protected By Us

What Control Do I Have Over Lavanya Plus Limited’s Use Of My Personal Data?

As a data subject, you have specific rights under the UK General Data Protection Regulation (UK GDPR). These include the right to:

We process personal data to support your care-related enquiries and provide service recommendations. If you wish to exercise any of your rights, please follow the process outlined in Section 4.4.

Please note: If you request deletion of your data, we will securely delete or anonymise personal data unless there is a lawful reason to retain it such as to meet regulatory or legal obligations, handle complaints, or manage financial recordkeeping, fraud prevention, or to resolve disputes, in accordance with our data retention policy. We do not retain data longer than necessary.

How Does Lavanya Plus Limited Protect Customers' Personal Data?

We take appropriate steps to protect your personal data against loss, misuse, unauthorised access, disclosure, or alteration. These include:

If we work with subcontractors or third-party service providers, we ensure they are subject to appropriate safeguards and never process your data for purposes outside of our instructions.

Despite these efforts, no method of transmission over the internet or method of electronic storage is completely secure. If you believe your data may have been compromised or misused, please contact us immediately at care@wearewema.com.

Opting Out of Marketing

You may opt out of receiving marketing communications from us at any time by:

Opting out of marketing communications does not affect our ability to contact you for essential service-related matters, such as updates about care enquiries or responses to your requests. We will continue to retain personal data required for legitimate purposes, unless you request otherwise under your rights (see 4.1 and 4.4).

How To Request Your Data And The Process For Obtaining It

To exercise your data rights including access, correction, deletion, restriction, objection, or data portability, you may contact our Data Protection Officer using the details below:

Email: care@wearewema.com
Subject: Data Rights Request – [Your Full Name]

We may ask for specific information to confirm your identity and validate your request (such as your name, contact details, and a description of your interaction with our service). This is a security measure to protect your personal data and ensure it is not disclosed to an unauthorised party.

We aim to respond to all valid requests within one month. If your request is particularly complex, or if you have made multiple requests, we may need more time. If so, we will notify you of the extension and provide an explanation.

There is no fee for making a data rights request unless it is manifestly unfounded, repetitive, or excessive, in which case a reasonable fee may be charged or the request may be refused.

Your Data and Third Parties

Sharing Your Personal Data

We may share your personal data with trusted third-party partners such as service providers, IT vendors, and recommended care providers, but only when necessary to provide our services, and under strict confidentiality and data protection agreements.

We may also share Personal Data with interested parties in the event that Lavanya Plus Limited anticipates a change in control or the acquisition of all or part of our business or assets or with interested parties in connection with the licensing of our technology.

If Lavanya Plus Limited is sold or makes a sale or transfer, we may, in our sole discretion, transfer, sell or assign your Personal Data to a third party as part of or in connection with that transaction. Upon such transfer, the Privacy Policy of the acquiring entity may govern the further use of your Personal Data. In all other situations your data will still remain protected in accordance with this Privacy Policy (as amended from time to time).

We may share your Personal Data at any time if required for legal reasons or in order to enforce our terms or this Privacy Policy.

Third-Party Links

This Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy policy of every website you visit.

How Long We Keep Your Data

We keep your personal data only as long as needed to provide the Cassi Care service or meet legal, regulatory or operational requirements. In most cases, this is up to 6 years after your last interaction with the service.

Age Limit For Our Users

You must be at least 18 years old to use the Cassi Care service. We do not knowingly collect data from individuals under 18.

International Data Transfers

Your personal data may be transferred to, and stored or processed in, countries outside the United Kingdom, including the European Economic Area (EEA) and the United States, where our service providers or partners may be located.

Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place to protect your data in accordance with UK data protection law. These safeguards may include:

We currently store and process data within the UK. Transfers to the EEA or United States are made under the appropriate UK-approved mechanisms, such as Standard Contractual Clauses with supplementary measures where necessary.

You can request further information on the specific safeguards applied to your personal data by contacting our Data Protection Officer at care@wearewema.com.

Notification Of Changes And Acceptance Of Policy

We keep this Privacy Notice under regular review and will update it to reflect any changes to how we process your data or changes in legal requirements.