
GDPR also applies to the real world. That store is definitely not allowed to share data about your shopping habits with some third party without your explicit consent. For example, government departments in Germany have to ask for your explicit permission beforehand if they need to request/share data with a different department.


This is in general not true and German government departments share data with different departments all the time without explicit consent of the affected citizen. This is also not a good example as there are additional legal restrictions for government departments which businesses don't need to obey.


If the sharing is not required by any law they have to ask. Sometimes they do. I'm sure there are cases where they share without either of the preconditions met.


There are cases in which sharing without asking is legal without it being required by law.


GDPR is a standardisation of pre-existing national rules within the EU member states, at the time including the UK’s Data Protection Act. When I was at university, one of the examples of the scope of the Data Protection Act was a barbershop which kept hand-written (no computer involved) records of customers, and one customer used the DPA to demand to see their records and then to have those records destroyed.


Is your claim that they can't share a customer's address with a shipping customer, and thus must actually perform all shipping themselves?


GDPR has an exception for things that are necessary for the service the customer asked for. If you ordered something to be shipped to your home then the provider can share your address with the shipping company - that's required to fulfill their end of the deal. Sending your personal information to some 3rd party advertising company? Not so much.


If the seller can subcontract the delivery service, is there any reason they can't subcontract their accounts receivable?

I think the element you're missing is - of course this is OK, it happens all the time. What the comment you were responding to before wasn't making clear is that when it's done, there must be contractual provisions limiting the service provider's use of the data, so they can't use it for their own purposes.



