Last updated: 30 July 2025
0. Snapshot (30‑second read)
Controller: PAO INVEST CORP (DBA Arboleda Coaching Corp.)
Main purpose: Provision of MindReset services and delivery of personalised communications.
Lawful basis: Contract performance, legal obligation and express consent for marketing.
Recipients: Payment platform (Stripe), marketing tools (HubSpot, Clientify), analytics (Google Analytics 4, Meta Pixel, Synthflow) and strategic communication partners.
International transfers: United States under Standard Contractual Clauses (SCCs) and/or the EU‑US Data Privacy Framework.
Retention period: Up to 29 years in line with fiscal and accounting obligations.
Rights: Access, rectification, erasure, objection, restriction, portability and withdrawal of consent.
Privacy contact: info@mindresetretreat.com (Data Protection Officer: Patricia Arboleda).
1. Identity of the Data Controller
The data controller for personal data collected through the website mindresetretreat.com (the “Site”) is PAO INVEST CORP, doing business as Arboleda Coaching Corp. (“MindReset” or the “Controller”), a company incorporated under the laws of the State of Florida, USA, with its registered office at 7500 SW 138 St, Palmetto Bay, FL 33158, USA. Contact e‑mail: info@mindresetretreat.com.
EU representative: Pursuant to Article 27 GDPR, no representative has been appointed, as MindReset operates without an establishment in the Union and processes data only occasionally and not on a large scale.
Data Protection Officer (DPO): Patricia Arboleda · E‑mail: info@mindresetretreat.com.
2. Personal Data We Collect
| Category | Examples | Source |
|---|---|---|
| Identification | First name, surname, e‑mail address, telephone | Provided by you in contact forms, bookings or subscriptions |
| Transaction data | Purchase details, amount, currency, tokenised payment method | Stripe payment gateway |
| Browsing data | IP address, browser, device, pages visited, clicks | Cookies & similar tech (Google Analytics 4, Meta Pixel, GTM, Synthflow) |
| Marketing preferences | Subscribed newsletters, e‑mail opens, link clicks | Clientify / HubSpot |
MindReset does not collect or process special categories of data (health, beliefs, etc.).
3. Purposes and Legal Bases
| Purpose | Legal basis (Art. 6 GDPR) |
| Manage your booking, purchase or registration for a retreat or digital service | Contract performance (Art. 6 (1)(b)) |
| Issue invoices and comply with accounting and tax duties | Legal obligation (Art. 6 (1)(c)) |
| Send personalised commercial communications about MindReset | Express consent via opt‑in (Art. 6 (1)(a)) |
| Carry out statistical analysis of Site usage and improve user experience | Legitimate interest in optimising services (Art. 6 (1)(f)) |
| Prevent fraud and ensure transaction security | Legitimate interest (Art. 6 (1)(f)) |
4. Recipients and Processors
Your data may be accessed—under contract and confidentiality clauses—by:
Stripe Payments Europe, Ltd. – Payment gateway.
HubSpot, Inc. & Clientify – CRM and e‑mail automation.
Google LLC – Google Analytics 4 and Tag Manager.
Meta Platforms Ireland Ltd. – Meta Pixel.
Synthflow Inc. – Voice/chat analytics.
Marketing partners (advertising or social‑media agencies) for campaign management and audience building.
These providers act as processors and will not use the data for their own purposes.
5. International Transfers
The above‑mentioned tools host information on servers located in the United States. Transfers are safeguarded by:
Standard Contractual Clauses (SCCs) adopted by the European Commission; and/or
Participation, where applicable, in the EU‑US Data Privacy Framework.
6. Retention Periods
| Data category | Retention criterion |
| Non‑converted leads (newsletter subscribers) | 29 years or until consent is withdrawn |
| Customer and invoicing data | 29 years (statutory fiscal & accounting limitation) |
| Browsing & analytics logs | 26 months (GA4 default) |
After these periods, data will be anonymised or securely deleted.
7. Data Subject Rights
You may exercise the following rights at any time, free of charge:
Access to your personal data.
Rectification of inaccurate or incomplete data.
Erasure (right to be forgotten).
Objection to processing.
Restriction of processing.
Portability of data.
Withdrawal of the consent given.
Send your request to info@mindresetretreat.com attaching proof of identity. You may also lodge a complaint with the Spanish Data Protection Agency (AEPD) or the competent authority.
8. Data Security
MindReset applies appropriate technical and organisational measures—TLS encryption, two‑factor authentication, access controls, encrypted backups—to ensure the confidentiality, integrity and availability of data.
9. Cookies & Similar Technologies
The Site uses first‑party and third‑party cookies for technical, analytical and advertising purposes. Full details are provided in the Cookie Policy, where you can manage your consent.
10. Minors
The Site and MindReset services are intended exclusively for individuals 18 years of age or older. We do not knowingly collect information from minors. Any detected registration by a minor will be promptly deleted.
11. Changes to This Policy
MindReset reserves the right to amend this Privacy Policy at any time. The updated version will be posted on the Site with its effective date. Continued use of the Site after changes implies acceptance of the new Policy.
12. Contact
For any queries or to exercise your rights, please contact:
E‑mail: info@mindresetretreat.com
Postal address: 7500 SW 138 St, Palmetto Bay, FL 33158, USA
© 2025 MindReset · All rights reserved.
