openvpn
AnonDanon, 2019-03-05 16:18:02

Does the VPS host see my traffic? What does the provider see during a VPN connection?

Good day to all. I have a few questions that are of great concern to me. I would be very grateful if there are people who can explain how things are in this area of the Internet. Any opinion would be welcome, so feel free to comment.

In general, the essence is that I deployed a VPS based on Ubuntu 18.04, then set up Shadowsocks + Simple OBFS with xchacha20-ietf-poly1305 encryption. The hoster from which I bought the VPS has a legal address in Moscow, and its servers are located in France and Russia. I chose a server that is physically located in France. The actual questions:

1. Does the hoster receive my traffic and in what form, encrypted or not? If encrypted, can it decrypt it? I'm asking because I want to understand: if I suddenly forget to turn off Shadowsocks and go, for example, to my bank's website, enter my login and password and enter my account, will my logins and passwords fall into the hands of the hoster, who may suddenly turn out to be not entirely conscientious and empty my accounts?

2. Can the hoster send my data to the major? Or maybe they are automatically written and merged into the major's drag department? In principle, I am a law-abiding citizen, I don't do anything bad on the network, and Shadowsocks only helps me easily access blocked sites on the subject of work (LinkedIn), movies (Netflix), music (Spotify), and this Shadowsocks, unlike any browser extensions, works simply incomparably. But still I would like to know. In Europe, citizens are protected by the GDPR and your data will not go to any major until a court decision. But in the CIS everything seems to work quite differently.

3. What does the provider see in my case? Can he start noticing something is wrong if my traffic goes around all the time? The tunnel, as I understand it, is encrypted.


5 answer(s)
Dmitry Shitskov, 2019-03-05
@Zarom

1. It does. It receives it in whatever form you transmit it to the host. It is not interested in decrypting it. Regarding the bank, read about HTTPS.
2. A law-abiding citizen visits prohibited sites. So-so. In general, the drag major receives everything on request, and in case of a very urgent need, he will conduct rectal cryptanalysis. The easiest method.
3. They know what kind of traffic it is. But they are also not particularly interested in your traffic.

CityCat4, 2019-03-06
@CityCat4

Does the hoster receive my traffic and in what form, encrypted or not? If encrypted, can it decrypt?

Of course he receives it; after all, he is the one who actually transmits it. He receives it in the form in which you give it to the network: he sees encrypted traffic as encrypted and unencrypted traffic as unencrypted. He can decrypt it if the encryption keys are on the same VPS, if he wants to; after all, he physically has the VPS disk :) He can take a snapshot of it and tinker with it as much as he likes. Few people need it, but there is such a possibility.
Certainly. Since he has the disk, he can do anything. It is unlikely that you, for example, check the checksums of packages against the originals when installing them, and even less likely that you check whether the system binaries have changed ...
What? In Europe, the attitude towards copyright and legislation in general is a hundred times more reverent (I mean "old Europe" of course, not Serbia, not the Baltic states, where everyone is laid up for everything) and you may be required to provide encryption keys. Here is an interesting article about what in "liberal Europe" they do with lovers of single pickets, for example.
Destinations, volume, protocol, encryption fact.

Anatoly, 2019-03-06
@Tolly

Law-abiding citizen, sleep well, no one is interested in you)
No one listens to traffic on purpose, everything works in a completely different way, if you go to the wrong site, I'm not talking about the sites that you listed. So, all web resources have logs (even if they do not keep them), and there is your IP address, and calculating you, even through 100 proxies and encrypted VPNs, is not difficult, well, of course, but it is doable. But what you did on this site is of little interest to anyone. Don't worry about banking either.
If you want to see what the hoster sees, assemble a stand with a hub at home (namely, a hub, a switch is not that, well, or a managed switch with the ability to mirror the port) and a sniffer in your hands))

nucleon, 2019-03-13
@nucleon

Law-abiding citizen, sleep well, no one is interested in you)

Sleep in the grave, because by using a VPN you are a priori not law-abiding, because by law you do not have a license to encrypt your traffic ... and it's not only about the state, but many others.
For example: competitors, partners, and just guys with a low level of social responsibility can also take an interest in you.
Well, this is such a joke, in which, as you know, there is a share of a joke.
The VPS provider "naturally" sees all your traffic, because he decrypts it. But intermediate ones can see not only the fact of connection and transmission, but also something more; it depends more on the "type" of encryption.
Let me explain, there is such a thing as a VPN tunnel level, when not all traffic is encrypted, but only data ...
This means something like the following:
Suppose you encrypted your connection with this type. In this case, the provider sees not only your connection, but also the type of data that you are transmitting. For example, telephony. No, of course he will not hear your voice, but he will track the very fact of the transmission of telephone traffic, and he can possibly determine the address of your telephone exchange and some settings of your phone.
In order not to be unfounded, I can say that Ros * barely * ohm has equipment capable of doing this, and I think not only. Here are just the guys from Ros * barely * om, apparently "not friendly" with its setting, because sometimes their equipment also tries to route this telephone traffic bypassing the VPN, which accordingly "lies" the entire encrypted channel.
This VPN is default for some types of hardware routers (cisco, juniper,
This feature can expose part of the infrastructure behind the VPN.
For OpenVPN, the "tun" interface has this property.
However, despite the obvious disadvantages with "security", this type of connection has a number of advantages:
First of all, it is speed. Since less traffic needs to be encrypted, there is less CPU load, and a slower / cheaper piece of hardware can handle the channel.
Secondly, as was already written earlier, the ability to give providers separate routing of traffic; if properly configured, this can significantly improve the quality / stability of the connection.
