ÇADEM - Employee Support Program
Privacy Policy
ÇADEM - Employee Assistance Program: Privacy and Security
This privacy policy was last updated on 04.05.2026 and is effective as of that date.
This privacy policy applies to the ÇADEM Employee Assistance Program mobile application ("ÇADEM EAP", package name: com.cadem.cdp, hereinafter the "App") and the websites published at cdp.cadempsikoloji.com and app.cadempsikoloji.com, all developed by Çadem Psikoloji (the "Service Provider"). The service is provided "AS IS". The Service Provider's mailing address: Caddebostan Mah. İskele Sok. Beşyuvam Apt. No:16 Daire:2 Kadıköy / İstanbul, Türkiye.
1. Information We Collect
1.1. Information you provide
When you register, we collect your first name, last name, email, phone number, employer organization, date of birth, employee number, and any associated family member relationships. While receiving services, we process your appointment history, messages, and content usage records related to the psychological support and educational services delivered to you.
1.2. Information collected automatically
Device type, unique device identifier, IP address, mobile operating system version, app version, browser type, and app usage statistics are collected automatically. Precise (GPS) location is requested only with your explicit consent and only to power the "show nearby facilities" feature for the duration of that session; it is not stored on our servers.
1.3. Health and activity data (only with your explicit consent)
The App requests read-only access to the following health and activity data via Apple Health (iOS) or Android Health Connect (Android). Data is collected only if you explicitly grant these permissions. The rest of the App continues to function if you decline.
| Data Type | iOS (Apple Health) permission | Android (Health Connect) permission | Purpose |
|---|---|---|---|
| Step count | HKQuantityTypeIdentifierStepCount | android.permission.health.READ_STEPS | Auto-update progress on step-based challenges and display in your daily activity panel. |
| Walking / running distance | HKQuantityTypeIdentifierDistanceWalkingRunning | android.permission.health.READ_DISTANCE | Auto-update progress on distance-based challenges and display in your daily activity panel. |
| Active calories burned | HKQuantityTypeIdentifierActiveEnergyBurned | android.permission.health.READ_ACTIVE_CALORIES_BURNED | Auto-update progress on calorie-based challenges and display in your daily activity panel. |
| Exercise time / workout sessions | HKQuantityTypeIdentifierAppleExerciseTime | android.permission.health.READ_EXERCISE | Auto-update progress on active-minute challenges and display in your daily activity panel. |
Additionally, if you choose to link your Fitbit account, only the same four data types (steps, distance, active calories, exercise time) are transferred to our servers via the Fitbit OAuth flow.
1.4. Explicit declarations regarding health data
- Read-only: No data is written to Apple Health or Health Connect; your existing records are not modified or deleted.
- No advertising: Health data is never used for advertising, profiling, or marketing, and is never transferred to ad networks.
- No AI/ML training: Health data is never used to train any artificial intelligence or machine learning model.
- No sale: Health data is never sold to third parties.
- Retention: Health data is retained on our servers for a maximum of 24 months from the most recent sync; after that period it is either deleted or aggregated such that it can no longer be linked to you. When you delete your account, your health data is removed from our servers within 30 days.
- Revoking access: You can withdraw health-data access at any time:
- iOS: Settings → Health → Data Access & Devices → ÇADEM EAP → "Turn Off All Categories".
- Android: Health Connect app → Permissions → ÇADEM EAP → "Remove all permissions".
- In-app: Settings → Wearables → disconnect the linked source.
- Out-of-scope data types: The App does not request access to heart rate, sleep, blood pressure, blood glucose, body temperature, clinical records, nutrition, or location-tracked exercise routes.
2. Sharing of Information
The Service Provider may disclose your information only in the following circumstances:
- Where required by law, such as in response to a subpoena or similar legal process;
- When the Service Provider believes in good faith that disclosure is necessary to protect their rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
- With trusted, contracted, and audited service providers acting on the Service Provider's behalf and bound by the rules of this privacy notice (cloud hosting, transactional email, push-notification infrastructure). These providers may use your data only for the defined task — never for their own purposes.
Only aggregated and anonymized service-usage statistics are shared with the organization (employer) that sponsors your access. Your individual health data is never, under any circumstance, shared with your employer.
Third-party services used by the App
- Google Play Services – Privacy Policy
- Apple HealthKit – Privacy Policy
- Android Health Connect – Privacy Policy
- Fitbit (optional, user-initiated) – Privacy Policy
- Firebase Cloud Messaging (push notifications) – Privacy Policy
3. Opt-Out and Data Retention
You can stop further data collection by uninstalling the App from your device. The App provides a "Delete my account" option in-app; this removes your account, health data, and family links from our servers within 30 days. Alternatively, you may email [email protected]; your request will be handled within a reasonable time. Certain records (billing, audit, statutory compliance) may need to be retained for additional periods as required by law.
4. Children
The App is not directed at users under the age of 13. The Service Provider does not knowingly collect personal data from children under 13. If we discover such data has been provided, it is deleted from our servers immediately. If you are a parent or guardian, please contact [email protected].
5. Security
Your data is encrypted in transit using TLS; on the server side, access is restricted to authorized personnel whose role requires it. Health data is stored in the database keyed to your user identity but isolated from other user records. While we make every reasonable effort, no security system can guarantee absolute protection; if you suspect anything unusual, please contact us.
6. Changes
This Privacy Policy may be updated from time to time. Material changes will be reflected on this page with an updated date and, where feasible, an in-app notification. Your continued use of the App after such changes constitutes your acceptance of the updated policy.
7. Your Consent
By using the App, you consent to the Service Provider processing your information as described in this Privacy Policy. "Processing" means any use of information, including collection, storage, deletion, use, combination, and disclosure.
8. Rights under Turkish Personal Data Protection Law (KVKK)
Under Law No. 6698 on the Protection of Personal Data, you have the right to: learn whether your personal data is being processed, request information about such processing, request correction of incomplete or inaccurate data, request deletion or destruction, be informed about domestic and international transfers, and seek compensation for damages caused by unlawful processing. You may submit such requests to [email protected] or to the postal address above.
9. Contact Us
If you have any questions about our privacy practices or how we handle health data, please contact: [email protected]
