Yes, but …
For sending out birthday wishes you need the date of birth of your customers.
If you are asking a new customer for their date of birth, you have to state that you want to use the date of birth for sending out birthday wishes. Additionally, asking for the date of birth at the time of order must not be absolutely necessary (if you don’t have other legal basis for the processing e.g. the regulation to save the date of birth for overnight stays).
Therewith you are getting a proper approval for the processing of new data.
You can also use the existing data for processings that can be expected by the data subject. If you sent out birthday wishes in the past it is legitimate to assume that the data subjects are expecting this kind of processing and you can continue to do so.
Make it easy for the data subjects to revoke the processing or to withdraw their consent.
If you have obtained the date of birth from a third source and there is no link to the data subject, the sending of birthday wishes is questionable from a data protection point of view.
If you have gotten the birthdays via social networks, you can use this information to send out birthday wishes within this social network.
A birthday that has been published to Facebook cannot automatically be used for institutional advertising. Where exactly you can draw the line is not yet brought to the supreme court. One could argue that the data on Facebook is public.