I don’t know what gave you the idea that a particular distro would be an especially good/bad choice for privacy, etc. They’re all GNU/Linux with only minor differences in compile-time options in the kernel and different defaults in user-space. But they’re just that, defaults. You can reconfigure them to your preference.
With that out of the way, the issue NixOS attempts to address is reproducibility. You get a central configuration infrastructure that defines everything, from partition layout, through user creation and package installation to software configuration. The central idea being that migrating to a new machine or setting up a new development environment should only take a few commands.
What you do with that is up to you. You can barricade the whole system if you like. The defaults are sane, but not overly focused on privacy, etc.
Also it’s quite a learning curve as the documentation/wiki is incomplete and/or outdated.
You can either try to contact the seller and ask for the password or just erase the UEFI settings by shorting some jumper or something. There should be instructions how to do that for your specific model.
ProtonDB says it’s decent, the game is Steamdeck verified plus you can return it with under two hours playtime, so I’d just buy it.
Any upgrade path with a pirated version should be completely irrelevant.