But which data can they reach ?
Legally they have to tell you and you can access this info based on the terms and conditions / conduct for each company you are using. They might choose to access different things.
Are they accessing private bank information when you're logging into your banking? No (or at least highly likely not). But could they be using your gaming habits and information you use on these games to sell to third party advertisers and research groups for example? Quite possible.
As for the browsing purposes I wouldn't care if they sell my browsing history to 3rd parties because I don't browse anything suspicious or to be ashamed of.
Whilst I agree with you, I tend to point out that this goes further than most people realise. They're not looking at your browsing data to identify suspicious things, and even if you were, it wouldn't make much difference. What they are doing is collecting such vast amounts of information about every person and then able to target you for specific things under the premise that you'll fall trap to it. This may often only come in the form of advertising, but take Brexit for example, Cambridge Analytica bought data of tons of people privately kept through Facebook and then geared a lot of false information targetted to people they identified as susceptible to it, and manipulated their political views to get a political gain. It's not so much about the type of information and more the indirect power they hold over you without you ever realising.
They'll do this with targetted ads in purchases, websites, you name it.
I'm not a conspiracy theorist, just stating that the above is what happens pretty much everday, I think it's practically inevitable so why fight it, but when people realise the scale it goes to, they tend to draw back.
My only concern is, if they are able to reach my passwords or bank account etc.
If you give them that information (through agreements for example) then they could, especially if it's a shady company. But large organisations won't be routing for your bank account info, that's malicious, not just organisational.
However if you started using very shady software, then by all accounts, it could be infected will malware that could grab this information, or they might try and grab it by you giving it willingly through phishing. But it's unlikely to happen with OpenVPN (which I don't know much about), but i highly suspect the "data being used" you're referrings to is much closer to the above about targetted information.