Yes. Using a third-party company does not exclude an organistion from PCI DSS compliance. 

 

However, it may cut down on their risk exposure and consequently reduce the effort to validate compliance. It does not mean they can ignore PCI DSS.