¹ Where two or more controllers jointly determine the purposes and means of processing, they shall be considered joint controllers. ² Joint controllers shall determine their respective tasks and responsibilities under data protection law in a transparent manner in an agreement, unless these tasks and responsibilities are already determined by law. ³ In particular, this agreement must indicate which of them must meet which information obligations, and how and with respect to whom data subjects may exercise their rights. ⁴ Such an agreement shall not prevent data subjects from asserting their rights against each of the joint controllers.