1. It's an opt-out form

2. The opt-out appears to be a bundling of consents / unclear how I might receive these marketing "messages".

I don't see how this complies with the GDPR, but I can see how this would work well from a business POV. Am I being a mug if my small company requests multiple opt-ins from our customers, knowing full-well that most won't, whilst the big guys just flout the rules (assuming they are)?