This is way off base. Using PI to fulfill a request someone has made of you is the happy path of GDPR, you just can't retain or reuse that information more than you have
1) a contract or
2) permission or
3) a lawful task
For.
Having other parties process PI for you is fine as long as it's done under an agreement that binds them to the same terms.
First, no, you cannot reduce a thousands of words long legal document to a few words like you did and say "Easy, this is how it works". Those thousands of words are there for a reason.
Second, good luck, figuring out what you have "a contract, permission or a lawful task" for under the specific circumstances of your site.
Third, good luck, making and understanding an "agreement that binds them" with every provider of every piece of infrastrcuture you use. Good luck doing that for even a single piece of infrastructure.
1) a contract or
2) permission or
3) a lawful task
For.
Having other parties process PI for you is fine as long as it's done under an agreement that binds them to the same terms.