Sure. They’re not going to sell your username and password. But they’re a marketing company, and my experience with marketing companies is that they view IT as a cost center (despite marketing companies being mostly IT driven these days), and don’t spend a lot of time, effort, or energy on security. When they have a breach, it’s going to cost you more than just privacy.
Third party marketing data agreements, especially with anything dealing with money, are a usually bulletproof and opt-in.