Privacy Policy

Multihexa (“Multihexa”, “we”, “us”, or “our”) is committed to protecting the privacy and confidentiality of personal information collected, used, communicated, and retained in the course of its business as an educational services provider operating campuses in the Province of Québec and the Province of British Columbia.
This Privacy Policy explains how we collect, use, communicate, retain, and protect personal information in connection with the website located at https://multihexa.ca and its subdomains (collectively, the “Website”), as well as in connection with the application, admission, enrolment, and educational services we offer (collectively, the “Services”).
This Privacy Policy is governed by, and is intended to comply with, the following laws, as applicable: (i) the Personal Information Protection and Electronic Documents Act (Canada) (“PIPEDA”); (ii) the Act respecting the protection of personal information in the private sector (Québec), as modernized by An Act to modernize legislative provisions as regards the protection of personal information (commonly referred to as “Law 25”) (“Québec Privacy Act“); and (iii) the Personal Information Protection Act (British Columbia) (“BC PIPA”).
By accessing or using the Website or the Services, you acknowledge that you have read, understood, and consent to the collection, use, and communication of your personal information as described in this Privacy Policy. If you do not consent, you must not use the Website or the Services.
1. SCOPE AND APPLICATION

This Privacy Policy applies to personal information about identifiable individuals collected, used, or communicated by Multihexa in connection with the Website and the Services, including information about prospective applicants, applicants, students, alumni, parents and guardians, sponsors, agents, employer training participants, website visitors, and other individuals who interact with us through the Website.

This Privacy Policy does not apply to (i) personal information of Multihexa employees, contractors, instructors, or agents collected, used, or communicated for the purpose of establishing, managing, or terminating an employment or service relationship, which is governed by separate internal policies; or (ii) information that has been anonymized or aggregated such that it cannot reasonably be associated with an identifiable individual, in accordance with the standards prescribed by applicable law (including, in respect of Québec, the standards prescribed under section 23 of the Québec Privacy Act).
2. WHAT IS PERSONAL INFORMATION

“Personal Information” means information about an identifiable individual or, in respect of Québec, any information which relates to a natural person and directly or indirectly allows that person to be identified. Sensitive personal information, as defined under the Québec Privacy Act, refers to personal information that, due to its medical, biometric, or otherwise intimate nature, or to the context of its use or communication, entails a high level of reasonable expectation of privacy.

3. PERSON IN CHARGE OF THE PROTECTION OF PERSONAL INFORMATION

In accordance with section 3.1 of the Québec Privacy Act, Multihexa has designated a Person in charge of the Protection of Personal Information (also referred to as the “Privacy Officer”) who is accountable for compliance with this Privacy Policy and applicable privacy laws across Multihexa’s operations. The contact details of the Privacy Officer are set out in Section 14.

4. PERSONAL INFORMATION WE COLLECT
Depending on your interaction with us, we may collect the following categories of Personal Information:
Category Examples
Identification & Contact
  • Full name, date of birth, gender
  • Email address, telephone number, postal address
  • Country of residence, citizenship, language preference (French / English)
Government & Immigration
  • Passport number, study permit / CAQ / visa details, immigration status (international applicants)
  • Permanent code (code permanent du MEES) for QC Programs
  • Social Insurance Number (only where required by law)
Educational Background
  • Prior academic transcripts, certificates, diplomas, degrees
  • Language proficiency results (e.g., IELTS, TOEFL, TEF, TEFaQ)
  • Letters of recommendation and personal statements
Application & Enrolment
  • Program of interest, application status, decisions
  • Enrolment Contract data, attendance records, grades, evaluations
  • Disciplinary, academic standing, and graduation records
Financial
  • Tuition, application, and other fee payment records
  • Billing address, partial payment-card data (last 4 digits, expiry) as returned by payment processors
  • Sponsor / financial-aid / scholarship / loans-and-bursaries information (Aide financière aux études, StudentAid BC)
Sensitive (where provided)
  • Medical / accessibility information voluntarily provided to support reasonable accommodations
  • Information regarding criminal record checks, where required for specific Programs
Career & Alumni
  • Employment history and outcomes
  • Testimonials, photographs, video, and audio recordings (where consent provided)
Technical & Usage
  • IP address, device identifiers, browser type, operating system
  • Log data, referring URLs, access timestamps, pages viewed
  • Cookies and similar technologies (see Section 10)
Communications
  • Enquiries, correspondence, chat transcripts, call recordings (where notice is provided)
  • Feedback, complaints, and survey responses
We do not knowingly collect Personal Information from children under the age of 13. Where a User is under the age of majority (18 in Québec; 19 in British Columbia), we rely on the consent of a parent or legal guardian for the collection, use, and communication of Personal Information. Special protections apply under the Québec Privacy Act in respect of Personal Information of minors under the age of 14.
5. HOW WE COLLECT PERSONAL INFORMATION

We collect Personal Information through:

  • Forms submitted on the Website (e.g., application, request information, contact us);
  • User Account registration and use of online learning management functionality;
  • Online payment transactions through our third-party payment processors;
  • Correspondence by email, telephone, and other communications channels;
  • Authorized education agents, recruiters, and pathway partners;
  • Employers and sponsors (in respect of employer training and sponsored students);
  • Government and regulatory authorities, where required or permitted by law (including the Ministère de l’Enseignement supérieur du Québec and PTIRU);
  • Publicly available sources, where you have made information publicly available; and
  • Automated technologies, including cookies, pixel tags, and analytics tools.
6. PURPOSES FOR WHICH WE USE PERSONAL INFORMATION
Consistent with the principles of accountability, identifying purposes, and limiting collection under Schedule 1 of PIPEDA, the obligations under the Québec Privacy Act, and the corresponding obligations under BC PIPA, we collect, use, and communicate Personal Information only for purposes that are determined and necessary, and that a reasonable person would consider appropriate in the circumstances. These purposes include:
  • Processing applications and assessing eligibility for admission to a Program;
  • Communicating with applicants, students, and prospective students about Programs, admission decisions, and Multihexa;
  • Entering into and administering Enrolment Contracts;
  • Processing payment of tuition and other Fees, including refunds;
  • Delivering Programs, including instruction, assessment, attendance tracking, and credentialing;
  • Providing student services, including academic, career, and accessibility support;
  • Administering online learning management functionality and other Services;
  • Complying with regulatory requirements applicable in Québec (including reporting obligations to the Ministère de l’Enseignement supérieur) and in British Columbia (including under the Private Training Act and PTIRU directives);
  • Responding to enquiries, complaints, and disputes;
  • Engaging with alumni, including reasonable career, networking, and fundraising communications;
  • Protecting the safety, security, and integrity of the Website, the Services, and our community;
  • Detecting, preventing, and investigating fraud, misuse, or unauthorized activity;
  • Conducting research, analytics, and quality improvement (using anonymized or aggregated data wherever feasible);
  • Marketing Programs and related Services to prospective applicants, subject to your consent and right to withdraw consent at any time; and
  • Complying with applicable laws, court orders, regulatory requests, and lawful demands.
6.1 Privacy Impact Assessments (PIA)
In accordance with the Québec Privacy Act, Multihexa conducts a privacy impact assessment of any information system project or electronic service delivery project involving the collection, use, communication, retention, or destruction of Personal Information, prior to the implementation of such project. We similarly assess any project involving the communication of Personal Information outside Québec.
6.2 Automated Decision-Making
Multihexa does not make decisions in respect of an individual based exclusively on automated processing of their Personal Information. To the extent we adopt any such system in the future, we will, in respect of Québec residents and as required by section 12.1 of the Québec Privacy Act, inform the affected individual at the time of the decision, on request provide the principal factors and parameters that led to the decision, and afford the individual the opportunity to submit observations to a member of personnel with the authority to review the decision.
7. CONSENT
7.1 Form of Consent
We obtain consent for the collection, use, and communication of Personal Information at the time of collection, or beforehand, except where collection, use, or communication without consent is permitted or required by law. Consent must be manifest, free, and enlightened, and must be given for specific purposes. Depending on the sensitivity of the information and the context, consent may be obtained in writing, electronically (e.g., by acceptance of these Terms or this Privacy Policy), orally, or by way of a User’s clear conduct.
7.2 Express Consent for Sensitive Information
Express consent will be obtained for the collection, use, or communication of sensitive Personal Information (as defined under the Québec Privacy Act and as understood under PIPEDA), and for any use of Personal Information for purposes not previously identified.
7.3 Implied Consent
Where appropriate and permitted by law, we may rely on implied consent for the collection, use, or communication of Personal Information for purposes that are reasonably obvious from the context of the interaction, including the use of contact information to respond to an enquiry submitted through the Website. Implied consent is not relied upon for sensitive Personal Information or for secondary uses requiring express consent.
7.4 Withdrawal of Consent
Subject to legal or contractual restrictions and reasonable notice, you may withdraw your consent to the collection, use, or communication of your Personal Information at any time by contacting our Privacy Officer at the address provided in Section 14. Withdrawal of consent may, depending on the circumstances, prevent us from continuing to provide certain Services. We will inform you of the implications of withdrawal at the time you make such a request.
7.5 Marketing Communications
We comply with Canada’s Anti-Spam Legislation (CASL) in our commercial electronic communications. You may unsubscribe from marketing communications at any time using the unsubscribe link in the relevant communication or by contacting us. Withdrawal from marketing communications does not affect transactional or service-related communications.
8. COMMUNICATION OF PERSONAL INFORMATION TO THIRD PARTIES

We may communicate Personal Information to the following categories of recipients, in each case subject to appropriate contractual and security safeguards:

  • Service providers and processors: payment processors, hosting and cloud infrastructure providers, learning management system providers, CRM and email providers, analytics providers, and professional advisors (legal, accounting, and audit), engaged to perform services on our behalf;
  • Pathway and academic partners: post-secondary institutions and corporate partners with which Multihexa has academic articulation, transfer credit, or pathway arrangements, where the communication is necessary to administer such arrangements;
  • Education agents and recruiters: authorized representatives who introduced you to Multihexa, for application administration purposes;
  • Sponsors and employers: sponsors, employers, and funding agencies (including Aide financière aux études du Québec and StudentAid BC where relevant) where required for sponsored or employer-funded enrolment, with your consent;
  • Regulatory authorities: the Ministère de l’Enseignement supérieur du Québec, PTIRU, the Ministry of Post-Secondary Education and Future Skills (BC), Immigration, Refugees and Citizenship Canada (IRCC), the Canada Revenue Agency, Revenu Québec, Statistics Canada, and other government bodies, where required or permitted by law;
  • Law enforcement and legal process: where required or permitted by law, including in response to subpoenas, court orders, or other legal process, or to investigate or prevent fraud, security incidents, or other unlawful activity;
  • Corporate transactions: in the context of an actual or prospective merger, acquisition, sale of assets, financing, or insolvency proceeding involving Multihexa, in each case subject to confidentiality undertakings and applicable law; and
  • With your consent: to any other party with your express consent or at your direction.
9. STORAGE AND COMMUNICATION OF PERSONAL INFORMATION OUTSIDE QUÉBEC AND CANADA
9.1 Storage
Personal Information collected by Multihexa is primarily stored on servers located in Canada. However, certain service providers we rely upon may store, process, or access Personal Information in jurisdictions outside Canada, including in the United States, the European Union, and other countries.
9.2 Communication Outside Québec — Privacy Impact Assessment
Before communicating Personal Information outside Québec, Multihexa conducts a privacy impact assessment in accordance with section 17 of the Québec Privacy Act. The assessment takes into account the sensitivity of the information, the purposes for which it is to be used, the protection measures, including those that are contractual, that would apply to it, and the legal framework applicable in the State in which the information would be communicated, including the personal information protection principles applicable in that State. The communication may be made if the assessment establishes that the information would receive adequate protection, in particular in light of generally recognized principles regarding the protection of Personal Information.
9.3 Cross-Border Transfers — General
Where we transfer Personal Information to a service provider for processing, we use contractual and technical measures designed to provide a comparable level of protection to that required under PIPEDA, the Québec Privacy Act, and BC PIPA, including data processing agreements, confidentiality obligations, and security commitments. By using the Services, you acknowledge and consent to such transfers.
10. COOKIES, ANALYTICS, AND ONLINE TRACKING
10.1 Cookies

We and our service providers may use cookies, pixel tags, web beacons, and similar tracking technologies to operate the Website, remember preferences, analyze usage, support marketing, and measure campaign effectiveness. Cookies are categorized as follows:

  • Strictly necessary: required for core functionality, including session management, security, and authentication.
  • Functional: used to remember choices you make and to enhance your experience.
  • Analytics & performance: used to understand Website usage and improve performance.
  • Advertising: used to deliver relevant advertising and to measure campaign effectiveness.
10.2 Identification, Location and Profiling Technologies
In accordance with section 8.1 of the Québec Privacy Act, where Multihexa uses technology that includes functions allowing the individual to be identified, located, or profiled, you will be informed of the use of such technology and of the means available to activate or deactivate the relevant functions.
10.3 Managing Cookies
Most web browsers allow you to control cookies through browser settings. You may also manage cookie preferences through any cookie banner or preference centre made available on the Website. Disabling certain cookies may impair Website functionality.
10.4 Do Not Track
The Website does not currently respond to Do Not Track (“DNT”) signals, given the absence of a uniform industry standard for such signals.
11. RETENTION AND DESTRUCTION OF PERSONAL INFORMATION

We retain Personal Information only for as long as is reasonably necessary to fulfil the purposes for which it was collected, including any legal, regulatory, accounting, audit, or reporting requirements applicable to private educational institutions in Québec and British Columbia. Retention periods include:

  • Student records of QC Programs — retained in accordance with the requirements of the Ministère de l’Enseignement supérieur du Québec and any applicable regulations;
  • Student records of BC Programs — retained in accordance with the Private Training Act (British Columbia), the Private Training Regulation, and any applicable PTIRU directives;
  • Financial and tax records — retained for the period prescribed under applicable Canadian and Québec tax legislation;
  • Application records of unsuccessful applicants — retained for a reasonable period for audit and dispute purposes; and
  • Marketing and Website analytics data — retained for the duration necessary for the relevant marketing or analytics purpose.

When the purposes for which Personal Information was collected or used have been achieved, we destroy or anonymize the Personal Information in accordance with section 23 of the Québec Privacy Act, section 35 of BC PIPA, and our internal retention and disposal policies, subject to any preservation obligations imposed by law.

12. SAFEGUARDS, SECURITY AND CONFIDENTIALITY INCIDENTS

We implement physical, technical, and administrative safeguards designed to protect Personal Information against loss, theft, unauthorized access, communication, copying, use, modification, or destruction. These safeguards are calibrated to the sensitivity of the information, the format in which it is held, and the means of storage and include:

  • Access controls and role-based permissions for personnel and contractors;
  • Encryption in transit (e.g., TLS) and, where appropriate, encryption at rest;
  • Use of reputable third-party processors with documented security practices for payment processing, hosting, and learning management;
  • Confidentiality and privacy training for personnel handling Personal Information;
  • Contractual privacy and security obligations on service providers; and
  • Periodic review of safeguards and information-handling practices.
12.1 Confidentiality Incidents

In the event of a confidentiality incident (a “Confidentiality Incident”, as defined under the Québec Privacy Act, including any access not authorized by law, use not authorized by law, communication not authorized by law, or loss of Personal Information, or any other breach in the protection of such information), Multihexa will:

  • Take reasonable measures to reduce the risk of injury and to prevent new incidents of the same nature from occurring;
  • Maintain a register of Confidentiality Incidents in accordance with the Québec Privacy Act;
  • Promptly notify the Commission d’accès à l’information du Québec and any affected individuals where the incident presents a risk of serious injury, in accordance with section 3.5 of the Québec Privacy Act;
  • Comply with the breach reporting and record-keeping obligations under PIPEDA’s Breach of Security Safeguards Regulations and BC PIPA, where applicable; and
  • Cooperate with relevant regulatory authorities as required by law. 
13. YOUR RIGHTS

Subject to applicable law, you have the following rights in respect of your Personal Information:

  • Right of access: to be informed of the existence, use, and communication of your Personal Information, and to access that information, subject to the exceptions set out in PIPEDA, the Québec Privacy Act, and BC PIPA.
  • Right of rectification (correction): to challenge the accuracy and completeness of your Personal Information and to request that it be corrected as appropriate.
  • Right to withdraw consent: to withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice, as described in Section 7.4.
  • Right to data portability (Québec): in accordance with section 27 of the Québec Privacy Act, you have the right to obtain the computerized Personal Information you have provided to Multihexa in a structured, commonly used technological format, and to require its communication to any person or body authorized by law to collect such information, where doing so does not raise serious practical difficulties.
  • Right to de-indexing / cessation of dissemination (Québec): in accordance with section 28.1 of the Québec Privacy Act, you have the right to require Multihexa to cease disseminating, or to de-index a hyperlink to, your Personal Information, in the circumstances and subject to the conditions set out in that provision.
  • Right to information about communications: to request information about the names of organizations to which your Personal Information has been communicated by us during the preceding year (under section 23(1)(c) of BC PIPA, where applicable).
  • Right to complain: to file a complaint with our Privacy Officer or with the relevant regulatory authority, as set out in Section 14.

We will respond to verifiable requests within the timelines required by applicable law (generally within thirty (30) days of receipt of a written request under PIPEDA, BC PIPA, and the Québec Privacy Act, with extensions in limited circumstances permitted by law). We may charge a minimal fee only where permitted by applicable law, and we will provide a written estimate before proceeding.

12.1 Confidentiality Incidents

In the event of a confidentiality incident (a “Confidentiality Incident”, as defined under the Québec Privacy Act, including any access not authorized by law, use not authorized by law, communication not authorized by law, or loss of Personal Information, or any other breach in the protection of such information), Multihexa will:

  • Take reasonable measures to reduce the risk of injury and to prevent new incidents of the same nature from occurring;
  • Maintain a register of Confidentiality Incidents in accordance with the Québec Privacy Act;
  • Promptly notify the Commission d’accès à l’information du Québec and any affected individuals where the incident presents a risk of serious injury, in accordance with section 3.5 of the Québec Privacy Act;
  • Comply with the breach reporting and record-keeping obligations under PIPEDA’s Breach of Security Safeguards Regulations and BC PIPA, where applicable; and
  • Cooperate with relevant regulatory authorities as required by law.
14. PRIVACY OFFICER AND CONTACT INFORMATION
Multihexa has designated a Person in charge of the Protection of Personal Information (Privacy Officer). Questions, concerns, complaints, requests for access or rectification, or other requests in respect of this Privacy Policy or your Personal Information may be directed to:
Privacy Officer / Personne responsable de la protection des renseignements personnels

Multihexa

Attention: Office of the Registrar / Privacy Officer
Québec Campus: [email protected]
Vancouver Campus: [email protected]
Website: https://multihexa.ca

15. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. Updated versions will be posted on the Website with a revised “Last Updated” date. Where changes are material, we will provide additional notice as appropriate, including (where required) by obtaining renewed consent.