How can I ensure that my third-party service provider cannot see the machine data, and that only the machine manufacturer (MM) can see it?

By default, access to the data is not allowed. A third-party service provider, or a specific person, can see the data only if you assign them an authorization policy that allows them to view it.

