This is a sever breach of GDPR, so is their practice to use the information you give them when ordering for other things then processing your order without an explicit non required opt-in on your part.
Furthermore in the past when GDPR was new, judges where often quite lenient when it came to enforcement of first offenders but that is increasingly less the case. And which such bland consumer abusive business practices they might be in for a really bad awakening (if they sell to the EU).
Additionally given all that I wouldn't be surprised if their website is also committing GDPR violations.
Also even if they have free GDPR deletion "hidden somewhere" that still would be a violation of GDPR as it has been clarified by judges in other cases (related to information requests instead of deletion).
IANAL, but I don't see any requirement of it having to be "free". I probably miss something. And It would seem very much against the spirit, but is a company really not allowed to charge fees for "deleting"?
This is a sever breach of GDPR, so is their practice to use the information you give them when ordering for other things then processing your order without an explicit non required opt-in on your part.
Furthermore in the past when GDPR was new, judges where often quite lenient when it came to enforcement of first offenders but that is increasingly less the case. And which such bland consumer abusive business practices they might be in for a really bad awakening (if they sell to the EU).
Additionally given all that I wouldn't be surprised if their website is also committing GDPR violations.
Also even if they have free GDPR deletion "hidden somewhere" that still would be a violation of GDPR as it has been clarified by judges in other cases (related to information requests instead of deletion).