You can’t. I don’t mean that in the I don’t trust xyz way, but simply that you cannot trust anything attached to the internet. It is simply not possible to protect data.
Look at it this way, before the internet, jolly old noface hacker would have to come to my house and rummage through the bin to get information on me, and then do that for the thousands of others he would need to be successful or build a database. Now it is all at his digital doorstep.
Sure sites do this and that, encryption here and there etc. to make it more difficult, but that is all it does, makes it more difficult. Eventually it will be cracked. Today people put not just formation, but their thoughts and memories on the net and let “smart” tech rack them about and do things like pay for things or access their cars, or turn on/off home systems etc. the amount of data out there is incredible.
Google, Amazon, Facebook, sure these are the big obvious ones, but behind the scenes there are gangs building databases for ransomware, or for targeted attacks, or for anything else.
Has security stopped terrorism? Nope.
Unfortunately this uncontrolled spiral into information reaping is being done across the board even if meant well. My bank needing a DOB in addition to all the other checks to log in means that information is being sent out each time, it’s not secure anymore.
And it is spiralling, more and more pushing or “smart” tech, wearable devices, mobile phones etc. So no, I can conclusively say that your data is not safe with <insert anything attached to the internet>.

Yup, but there are laws required from these companies how they have to handle your data, I wonder if Gog does it the required way or not.

You can't know for certain but the best thing to do is, as a rule (not just for GOG), to use the minimal cookies a site will allow, block third party cookies altogether at a browser level and use ad/tracking blocker extensions. That will protect against at least the common corporate tracking methods but as for the data that GOG themselves actually store on their servers, we really can't know how they use it or how much they even store in the first place.

Theoretically, the only way to prevent them from learning more would be to have routed through a VPN 100% of the time that you've used the site and only use unregistered prepaid credit cards to buy games but let's be honest, that's not realistic. And also, while I don't like giving any companies my data, CD Projekt hasn't really given us any reason to worry about our data, regardless of what one thinks about their recent business practices. I even intentionally enable analytics in Cyberpunk because the data is anonymized (still not ideal) and because said data helps CDPR improve the game and I trust them a bit more than most other companies.. If it was clear they started selling our personal data without our consent, then we would have a major cause for concern but even then, GOG would be the least of your worries as you're most likely leaking even more data somewhere, with some site or service.

There is no perfect solution for data privacy, you can only do what works for you to minimize the data you give. That's why one of my favorite privacy/security channels, Techlore, talks a lot about developing a personal threat model so that you can figure out how much data you're giving out and adjust things according to your usability and comfort level.

The law is about 20years behind technology. Do you think Amazon or Google or Facebook pay any more tax anywhere now there are new laws in place? Heck, they can’t even enforce laws in the real world half the time.
I am sure GOG follow all rules as does all companies, to the letter.

They almost certainly comply with the EU's GDPR laws since CD Projekt is a Polish company but the GDPR -- while a monumental leap for data privacy -- is still not perfect and has areas that can be considered loopholes.

A few good questions would be what information does staff in your position see for example IP addresses etc. When someone goes to that support page ,what information does zendesk get? What information is twitter et al getting from people browsing the site. Ok under those laws I will have the personal information regarding rep adjusted back to what it should be were it not for the contract breaching actions of other users.

16:30

Obviously you can see the rep system being abused in this very thread and multiple others so that's not an excuse.

I'm sure you can pass the message onto someone who can do the job.
Posters in prior threads have already suggested the number of ways to make your job easier in this task.

18:40

yeah comment vote data has to be there in the forum database, just needs a query to get it out correctly

yes I should do that d6nxyzrwk

thx for the link SmollestLight