Yup. One of the best benefits of GDPR is that you don't have to read the fine print anymore, because companies can't legally put anything abusive in there, at least with respect to processing your data.
Absolutely. Article 25(2) is written for this specific situation, and expressly prohibits opt-out situations where personal data might be made publicly accessible:
"In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons."
