Those actually seem reasonable (other than the swag one) if and only if that info is locked away on a need-to-know-basis, it’s used for precisely that purpose, and regulators vigorously punish any sharing or release. The GDPR seems like a good step in that direction.
For recalls the customer could subscribe to a public recall channel and warranty can be handled on a machine-identity basis (at least until the warranty actually kicks in) so none of those really require personal data upfront.
