I suppose I should be more specific so as not to cause a panic, things you enter into forms and such can be, and most of the times are, secure. Only you and the party you're sending it to can read it. What others (ISP, Facebook, Google, Apple, etc...) can see is more general. Banking is easy to illustrate. The transactions you make on a bank website are perfectly secure just as if you went into a physical bank. What can be collected is that you went to a bank website, spent some time there, and may have clicked some links out from there also very similar to someone who watched you travel to your bank and subsequently leave. The whole process is not unlike the big hoopla about collecting mail information several years ago.
There are of course always exceptions in the form of rogue networks, malware, and other nastiest but you usually have to be doing something questionable to start with for those to be an issue.
The ONE place where a VPN of any sort is beneficial is public networks (Starbucks, Airport, Hotel, etc...). Using it will prevent basic hacking and snooping by others connected to the network. You don't have to pay for this though, you can likely setup a VPN to your home for free and accomplish the same results.
Ok, thought of a second. You can sometimes use a VPN to get around location blocking things. For example a site or service is not available in the US, if your VPN makes it look like you are in the EU, then you can access said site or service. This doesn't always work though as there are other ways to guess your location too.
VPN limits tracking using an otherwise stable IP, I also spoof my MAC address to frustrate tracking by that and make configuration tracking harder. It's digital Thermopylae, I know I can't stop them but I won't make it easy for them