> they state that they follow whatever privacy laws exist in your country

Well, that's kinda obvious - if they want to do business in a country, they have to follow the laws of that country. That doesn't in and of itself mean that they will apply weaker privacy protections if the local laws are less strict than GDPR...