
If they are offering the $79/month service in the EU, it doesn't matter that they have a GDPR compliant version.

They won't be able to sell the non-compliant version right?




If an EU company who holds private data of their customers ("data controller") is buying services from some third party service provider ("data processor"), then it's the data controller's responsibility to ensure that they handle the data responsibly and don't ever give it out to noncompliant processors.

A B2B service can legally offer a non-compliant service in the EU, but then the buyer isn't allowed to put any privately identifiable data in it; GDPR article 28.1 "Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject."

So in the sendwithus case, GDPR would prohibit an EU company from using its $79/month service for handling private data, since it doesn't come with the required assurances.


The problem is you won't get a Data Processing Agreement (DPA) from them. And since email and names are sent through the service, the DPA is mandatory. If someone somehow manages to detect you are sending his data to a non-compliant service, you can get sued.



