·06 — Trainer obligations
Your data
responsibilities.
When you collect client information through Seshman
When you collect information from your clients through Seshman, you decide what to ask and why — so under data-protection law you are the "controller" of that information. Seshman stores and protects it for you (we're your "processor"). This page explains what that means in practice. It's lighter than it sounds, and the app is built to do most of the heavy lifting.
You're the controller. What that means.
You're responsible for:
- Asking only for what you need. Collect what helps you train your client safely — not everything you can think of. The catalogue is there to help you pick sensible questions.
- Having a reason ("lawful basis") to collect it. For ordinary contact details, running your training service is reason enough. For sensitive information — anything about health, injuries, medical conditions, medications, or emergency contacts — you need your client's explicit consent. Seshman's intake screen captures that consent for you, so for most clients this is handled automatically.
- Being straight about why you're asking. Don't reuse health answers for something unrelated to training.
- Helping if your client asks about their data. If a client wants to see, correct, or delete what you hold, you can export or delete it in the app — and if they email us at privacy@seshman.com, we'll handle it within 30 days.
What counts as "sensitive"?
Health and medical information is treated as special-category data under UK/EU law (and "consumer health data" / "sensitive personal information" under US laws). That includes: medical conditions, injuries, medications, disabilities, pregnancy, mental-health notes, and emergency-contact health details. When you add a field marked sensitive, the app asks your client for explicit, unbundled consent before they fill it in — and protects it more strongly afterwards.
Please don't put sensitive health details into a general "notes" or free-text field to get around the consent step. That breaks the agreement you have with us, and it leaves your client's data without the protection it should have. If you need to ask something health-related, use a sensitive field — that's what it's for.
What Seshman does for you (as your processor)
- Stores it securely — sensitive answers are individually encrypted.
- Logs who looks at it — every view or export of a sensitive answer is recorded.
- Exports it on request — you (or your client) can download their full intake record.
- Deletes it on request — when a client withdraws consent, or you remove them, their answers are deleted and their consent record is retained only as long as the law requires.
- Never uses it for our own purposes. We don't sell it, we don't share it, and we don't use it to train AI — Seshman uses no AI at all. We only ever process it on your instructions, to provide you the service.
If you're filling it in for an offline client
Some clients don't use the app. You can complete their intake for them — but only if you've explained it to them and they've agreed, in person. When you do, you confirm that consent, and we email the client (if we have their address) so they know what's been recorded and can ask us about it. That keeps everything above board.
Getting help
If you're not sure whether you can ask something, the rule of thumb is: only collect what you genuinely need to train this person safely, and use a sensitive field for anything health-related. For anything else, contact us at privacy@seshman.com.
This page is general guidance, not legal advice. You're responsible for your own compliance as the controller of your clients' data; if you handle a lot of sensitive data, consider your own professional advice.