Yes, but …
To congratulate on the birthday, you need the date of birth.
When you ask for the date of birth from new contacts, you must specify that you want to use the date of birth for birthday wishes. In addition, the date of birth may not be mandatory, for example, for orders (unless you have other legal grounds for processing, such as the requirement to store the date of birth in the event of an overnight stay).
This will give you correct consent for new data to be processed.
You can also use the existing data for processing that the data subject expects. If you have wished them a happy birthday in the past, it is legitimate to assume that they expect this processing and you can continue to do so.
Make it easy for data subjects to revoke processing/withdraw consent given.
If you have the date of birth from a third party source and there is no connection to the data subject, sending birthday wishes is questionable from a privacy perspective.
Birthdays that you learn about social networks, you can use within the network for congratulations.
However, a birthday published on Facebook is not automatically usable for company advertising. Where exactly the boundary lies has not yet been decided. One could argue that the data on Facebook is public.