I think the customers should be aware that they should ignore an email coming from an unknown sender, they should only communicate on the legitimate email, at the same time maybe trezor had accidentally leaked this information, or if it's true they have been a hack, so as I was saying if you are not sure that the email comes from trezor legit email account ignore it, they might inject something in your computer once you click a certain link,
That is why it is always better to use disposable emails when ordering a hardware wallet or contacting hardware wallet support. Even if an email you used for orders became known to hackers and scammers, they couldn't make use of it since, by that time, it would have already been deleted. The same strategy works perfectly for contacting support. You just create a fresh email address for a specific purpose, which is to share it with support, and once you received a reply, you can delete it forever. Not only does it help to avoid being scammed, but also it results in less spam in your inbox.
Interesting to read that, allegedly, according to the first link included in the OP, Trezor anonymizes e-commerce customer data within 90 days. There are still things that can go wrong there in the meantime, and backups are also likely to make the data more persistent (depending on their backup policy), but still.
It was mentioned in the article that you don't have to wait a month and a half for your data to be deleted, you can always request for manual removal, which I think is a better solution for those valuing their privacy.
Either way, it is good to know they don't keep your data forever.
Sorry I have not used hardware wallet before
You should try, it feels great!