Actually, this website outlines what forms we may have to fill out:
https://www.onetrust.com/blog/what-is-a-pci-dss-self-assessment-questionnaire/
This one looks like it likely applies to me:
SAQ C-VT
Merchants who manually enter a single transaction at a time via a keyboard into an Internet-based, virtual payment terminal solution that is provided and hosted by a PCI DSS validated third-party service provider. No electronic cardholder data storage. Not applicable to ecommerce channels.
This is a 10 page form, which can be found here:
https://www.pcisecuritystandards.org/search/#?cludoquery=SAQ&cludopage=1&cludoinputtype=standard
Now just awaiting an answer from [email address removed] about if I can submit an SAQ C-VT or SAQ-A and where to submit it.
