GDPR has an exception for things that are necessary for the service the customer asked for. If you ordered something to be shipped to your home then the provider can share your address with the shipping company - that's required to fulfill their end of the deal. Sending your personal information to some 3rd party advertising company? Not so much.
If the seller can subcontract the delivery service, is there any reason they can't subcontract their accounts receivable?
I think the element you're missing is - of course this is OK, it happens all the time. What the comment you were responding to before wasn't making clear is that when it's done, there must be contractual provisions limiting the service provider's use of the data, so they can't use it for their own purposes.
