It sounds GDPR legal. After all, they are telling you exactly what will happen with anything that you send there, so by sending it there in full knowledge, you are essentially consenting to that processing of your data.
Also, German courts have ruled that in-between service providers are only liable for taking action after the complainant has raised the issue with the party that is directly violating the rights of the complainant, or their hosting provider and those efforts have proven futile or can be objectively deemed to be futile from the outset.
And finally, who says their customers are the abusers? In many cases, their customers may be the victims as well, without their knowledge, for example due to compromised CMS and would indeed be the best person to address the issue you may want to see resolved.

-- 
Volker A. Greimann


Virus-free. www.avast.com

On Fri, Feb 19, 2021 at 10:07 PM Nick Hilliard <nick@foobar.org> wrote:
furio ercolessi wrote on 19/02/2021 20:55:
> This is so absurd, I had to read it twice to make sure that I was not misreading it.
> They state that they automatically pass all my personal data to abusers if I
> send a report to them, so that:

it's difficult to see how this is fully compatible with the GDPR.  Have
you opened up a case with the Data Protection Office in Italy?  Germany
has strong data privacy laws, so there may be a legal way of handling this.

Nick