I was advised to ask only one question per post.
In my earlier post Does this action violate GDPR
If a company is aware that a customer cannot provide a receipt, yet still requests their personal information to facilitate a product exchange due to a defective item, but later denies the exchange based on the lack of a receipt, does this action violate GDPR? Personal information is not required to use the product or services.
Simply put, there isn't enough information here to definitively say whether there's a GDPR violation here – taking the customer's personal info could have all sorts of GDPR-compliant purposes here, such as:
Taking the customer's info for purposes of raising the case for the refund request, and subsequently logging that it was declined due to lack of receipt.
Taking the customer's info for purposes of seeing if the original sale can be found in the system (therefore obviating the need for the receipt). If the info can't be found, the refund is then declined due to lack of receipt.
I could go on. The point is that GDPR is not something that means giving your personal info to an organisation means they have to give you the outcome you require.
Of course the data subject would be entitled to ask why they needed their personal info, what they used that for, and what they have retained (that's the transparency part) and they may even be able to ask that the data be removed if there's no overriding requirement for retaining it.
To cover the non-GDPR side, assuming EU consumer law: it's valid for the seller to ask for a proof of purchase. A receipt definitely is enough, but at their discretion they may also offer to locate the sale in their system if you provide enough data to uniquely identify that sale.
But since you did not provide any evidence of the sale, you have no proof, not even that you actually bought the product from that company. Without this proof, there is no obligation for the defective product.
