§ 58 HDSIG
Joint Procedures, Joint Controllers
(1)The establishment of a procedure that allows several controllers as joint controllers to process personal data shall only be permissible where this is appropriate taking into account the legitimate interests of the data subjects and the tasks of the bodies involved.
(2)Where two or more controllers jointly determine the purposes and means of processing, they shall be considered joint controllers.
(3)Joint controllers shall designate a body responsible for the planning, establishment and operation of the joint procedure, and shall set out their respective tasks and data protection responsibilities in a transparent manner in an agreement, unless these are already laid down in legal provisions. The agreement shall in particular indicate who is to comply with which information obligations and how and vis-a-vis whom data subjects may exercise their rights. A corresponding agreement shall not prevent the data subject from exercising his or her rights vis-a-vis each of the joint controllers.
(4)Para. 1 to 3 shall apply accordingly where a joint procedure for the processing of personal data for different purposes is established within a public body. zur Einzelansicht § 58