Once the data is sold, the cat is out of the bag. The service might not send sensitive info by itself but the DBs of the buyers might contain enough data for cross-referencing to personally identify you without a shadow of doubt.
As another poster here asked: were there any ethical discussions in the organization?
As another poster here asked: were there any ethical discussions in the organization?