There's apparently even two different things I have to agree to in order to play it?

I bought it, DRM free. I have no intention of ever letting the software online.

Do we have to crack legally purchased DRM free games these days to avoid American legal junk with dubious reach in the EU?

I just refund my game on steam and was planning to buy it on gog with the hope that this version will be free of this privacy policy junk. Thank's for the warning. Is there a way to play the game without accepting the privacy policy?

At least, after aggreeing the 2 texts, they give the option to remove the sendings.

I'd like to learn more about this.

Does it require we connect online to run? Does it have a separate exe doing this stuff we can simply delete or is it 'baked in' to the main game exe? What data is it gathering and where is it wanting to send it?

I would imagine it's the game collecting usage data. But it should just be opt-in. Chalk up another bit of anti-consumer nonsense from this developer.

I swear some people just have nothing better to do than be mad at video games.
Shame because this game is great but the community desperately wants to piss itself. Can't go play something else in peace have to first smear your sh*t all over the walls.

it is.
there is a way to do not agree to collect data on first run.
later it is available in options.
additionally it runs well with offline , double tested that.

The EULA is standard EULA we have in any other game, only because of GDPR we are now presented with EULA right away from the start, as is normal with every other game.
The EULA does not contain anything despicable, out of the ordinary. And if it in any way conflicts with GDPR or your country law, that part will not be applicable anyway.
You can turn off the telemetry in Options.
Additionaly you can prohibit the PhoenixPoint.exe any connection out of your computer in your Windows firewall.
So there's nothing to fear from the EULA PoV.

The game itself is another topic. The way i see it has nothing on the newer Firaxis XComs. Mind you i just am going through prologue, just liberated the first base in China, but i'm not amazed by what i saw so far.

Try to make a habit to always block any newly installed single-player games in the firewall for windows or simply "firejail --net=none --noprofile" for linux.

Accepting a generic EULA is common practice, however the amount of data being transmitted is staggering and quite often the user choice does not matter.

The DRM-free distributions are just that - no DRM, however the games and their publishers often require additional agreements, custom licenses, 3rd party libraries, etc.

Just make sure to skim through the walls of text for the privacy conditions, sometimes you may be surprised to find out what you actually are agreeing/not agreeing to :).

The whole thing is even stranger considering that Snapshot Games is located in the EU, and their new owner, Embracer Group is in the EU as well. But Snapshot Games was founded as a company in the US, and their headquarters are in Bulgaria only because Julian Gollop is living there, and because salaries in Bulgaria are much lower than almost everywhere in the EU or the US.

From Wikipedia:

On November 12, 2013, Snapshot Games was founded as a privately held corporation in the state of California of the United States.[3] However, it is based in Bulgaria where its CEO, Julian Gollop, lives and where video game development costs are about one-third of what they would be for a similar studio in the United States.

It’s at least confusing that a company physically located in the EU, owned by another EU company (Embracer Group, a Swedish company, bought 100% of all Snapshot shares on 18 Nov this year), is so eager to transfer data outside the GDPR protected area. It appears to be a bit similar to how e.g. Facebook is a US company, but with their headquarters in Ireland for tax avoidance reasons. And I noticed that PhoenixPoint.exe communicates with two Amazon servers in Oregon (I’m located in Germany), so that might be a possible reason, too.

But as I understand it, any company doing business in the EU should be subject to GDPR, unless I’m missing something.

Or is it possible that this EULA is at least partly the way it is because it’s also made with Unity, which sends user data for analytics purposes?

Exactly this. There was the shameless Gollop and his video announcing "good news" to his backers (that he sold them to Epic for big money), and everything else afterwards. From absence of customer service, to dubious reasons for settling in Burlgaria, and such. I am not even a backer, so it is not even about me. But this EULA, utterly illegal in the EU, is very much like Gollop and the USA ways.

In France, we have this old law: "Loi Informatique et Libertés" (first promulged in January 6th 1978). There is no way it is legal to sell a game, and then threaten the buyer by saying "boy, now you give me all your data or i won't let you use the product you bought". Gollop should be prosecuted and made to spit all the money he made by cheating with the GAFAM as he did. The GAFAM get constantly prosecuted in France for their abuses. This year it was Google again. Last year, it was Amazon. And so on. Illegal usage of customer data. Abuses to force monopolies on customers. Total disrespect of workers laws and laws in general. Etc, etc, etc... This is no surprise that someone who works at Mc Donald's in Europe and one who works at Mc Donald's in the USA have totally different lives. Europe does has laws, that's why Gollop.

Anyone who tries to tell me "calm down, it is not so rare to find these EULA" should rather point out that it is starting to become common in order to say "it is alarming and worrying, let's wake up". Because it is. Gollop is persona non grata to me. And i hope to find out one day how he treats his employees. I don't expect to see any nice stories.